Re: WOHyperlink secure binding and insecure domain
Re: WOHyperlink secure binding and insecure domain
- Subject: Re: WOHyperlink secure binding and insecure domain
- From: Chuck Hill <email@hidden>
- Date: Thu, 21 Apr 2005 13:18:19 -0700
On Apr 20, 2005, at 11:49 PM, Denis Frolov wrote:
Thanks for you ideas,
on 4/21/05 12:58 AM, Chuck Hill at email@hidden wrote:
This is not a standard arrangement so you are going to have to do some
work. A couple of ideas:
1. If you are using Apache, use mod rewrite to change
http://secure.foo.bar to https://secure.foo.bar and
https://www.foo.bar
to http://www.foo.bar
I think I don't follow you here. WOHyperlink should move me from one
domain
to another (i.e. from www.foo.bar to secure.foo.bar). So, I would
assume,
that rewrite should do the following redirects:
https://www.foo.bar to htts://secure.foo.bar and http://secure.foo.bar
to
http://www.foo.bar
because "secure" binding would merely change the https to https and
rewrite
will do the redirect to another domain. Or am I missing something?
That is what I meant.
Anyway, the problem I get here is that WOHyperlink is using the ip
adress of
my dev computer instead of the one found in request url if used with
"secure" binding (i.e. it changes http://www.foo.bar to
https://192.168.0.x), which makes testing and development impossible.
Is the WOHost property set correctly? IIRC, there were some bugs in
URL generation. I usually make my own.
I have a setup with a NAT computer with public IP having both secure
and www
domains and a rewrite that passes all the requests to these domains to
my
local dev machine in private network behind the NAT.
2. Use the href binding and generate your own URLs. It is not hard.
Can you give me an example of such generation? I've searched the lists
and
found this post:
http://wodeveloper.com/omniLists/webobjects-dev/2001/July/msg01327.html
It is not very hard.
1. Choose http:// or https://
2. Get the host name from the request
3. Add the adaptor fragment, e.g. /cgi-bin/WebObjects
4. Add context().componentActionURL()
While this should work, it doesn't really look like an elegant
solution.
Probably, there is a more straightforward way?
Yes, use the same domain for secure and insecure requests. I don't see
the need to have two domains for this.
Another question that I have in this setup is what would be the
recommended
way to have one session on both domains? Right now, I just try to pass
wosid
and woinst along with urls that change the domain to preserve the
session.
But probably setting a cookie to a second level domain (common to both
domains) would be a better solution?
Again, I'd much prefer to have a single domain. You can set the cookie
to the second level domain, but you are going to have to manage these
yourself.
Chuck
Chuck
On Apr 20, 2005, at 4:01 AM, Denis Frolov wrote:
I am using two domains for secure and insecure sections on site. E.g.
I have
secure.foo.bar for secure pages and www.foo.bar for insecure pages.
What
would be the easiest solution to invoke a component action on the
secure
page leading to an insecure page. Using "secure" binding is not
enough
because the domain name remains unchanged. Is there any way to
change a
domain name along with the "http" string in the component action url
using
WOHyperlink? If not, what would be a recommended solution?
Thanks in advance.
---
Denis Frolov
Media-agency DesignMaximum
Tel: +7 863 2648211
Fax: +7 863 2645229
Web: http://www.demax.ru
Web: http://www.mactime.ru
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
village.net
This email sent to email@hidden
---
Denis Frolov
Media-agency DesignMaximum
Tel: +7 863 2648211
Fax: +7 863 2645229
Web: http://www.demax.ru
Web: http://www.mactime.ru
--
Practical WebObjects - a book for intermediate WebObjects developers
who want to increase their overall knowledge of WebObjects, or those
who are trying to solve specific application development problems.
http://www.global-village.net/products/practical_webobjects
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden