1 Reply Latest reply on Oct 6, 2008 6:47 AM by Tomas Cerny

    Servlet session not perserved on scheme change ...

    Francis Chong Newbie

      Hi,


      We would like to secure our apps login page with SSL. We followed the seam reference to configure login pages with scheme https in pages.xml. We also setup invalidate-on-scheme-change to false in components.xml.


      This works most of the time. If user access any page in http, they are redirected to login page (https). Upon login they were redirected to http pages.


      However, when user access login page in https directly, after they logged in and redirected to http pages, seam considered the user as not logged in. They were login in https scheme but not http.


      We are using Seam 2.0.1 with JBoss 4.2.2GA. To reproduce the problem, open the seam example seamspace, replace the page.xml and components.xml with following files:  http://phpfi.com/300418 http://phpfi.com/300417 . Start the server, open the page https://127.0.0.1:8443/seam-space/ . After login click any http link - seam will think user as not authenticated in all http pages.


      Regards
      Francis