HTTP/HTTPS differentiation (General questions)
by amirsky, Wednesday, March 17, 2010, 17:49 (5364 days ago)
I've been looking into setting up HTTPS on wodwebserver, but one thing I am unclear on is how a single webserver can differentiate between general HTTP requests and HTTPS.
Does the wobwebserver automatically handle that by the the simple presence of https in the url? Or is there a more complicated process?
Re: HTTP/HTTPS differentiation
by woddrazen, Wednesday, March 17, 2010, 18:12 (5364 days ago) @ amirsky
Hi,
Actually you should start two wodWebServer instance. One for HTTP and one for HTTPS server.
You can then access HTTP server using http://url and HTTPS using https://url.
You can find example here how to create HTTP and HTTPS server:
http://example.weonlydo.com/index.asp?prod=wodWebServer
Let us know how it goes.
Regards,
Drazen
Re: HTTP/HTTPS differentiation
by amirsky, Wednesday, March 17, 2010, 18:25 (5364 days ago) @ woddrazen
But suppose I want a client-server model when user's login in to access the webserver. Wouldn't having two webservers require the users to login to two separate accounts?
Re: HTTP/HTTPS differentiation
by woddrazen, Wednesday, March 17, 2010, 19:14 (5364 days ago) @ amirsky
Hi,
You can allow same user on both server. Actually you can make both server to response same.
Inside your project you can call two wodWebServer instance. One for HTTP server and other for HTTPS server. They have separate Events but you can execute same code inside both server Events.
For example you can use same code inside LoginPassword Event for HTTP server and for HTTPS server. So user will be able to access HTTP and HTTPS server using same account.
Actually maybe better solution is to make some external function. You can then call that function from HTTP server LoginPassword Event and from HTTPS server LoginPassword Event.
In that case same function will be execute on both servers. So HTTP and HTTPS server will response server no meter which one you use. If you use same logic for all other Events both server will response same.
Drazen
Re: HTTP/HTTPS differentiation
by amirsky, Sunday, March 21, 2010, 15:56 (5360 days ago) @ woddrazen
I have run into the problem i had feared. I have 2 wbeserver instances one HTTP and the other HTTPS. Both do nothing but pass on the request to the same handler function.
Yet, If i log in through HTTP a request then sent through HTTPS returns user not logged in .
Any ideas?
Re: HTTP/HTTPS differentiation
by wodDamir, Sunday, March 21, 2010, 19:20 (5360 days ago) @ amirsky
Hi,
When SSL -> non-SSL transition occurs, the Client (browser) also treats it as a new session, and won't even send the same request to server again, but will treat it as a new connection.
So, basically in order to achieve this, when the transition occurs, you should provide server with some ID of the user (use QueryString perhaps).
You should try creating an external Session collection for each user, and then when user logs in, create a new entry, let's say IsLoggedIn . Now, when user switches to SSL or non-SSL, you can use QueryString to locate the User in your database, and check your collection if that user is logged in or not.
Hope this helps.
Regards,
Damba
