Share session between http and https
I have a web application with user login. after login the user is in https and he can browse in some categories and select a product. when he select a product he goes inside product detail that must be in http because this page has a iframe that call an external url and this url enable additional informations about that product. but it works only if the referrer is in http and not in https, so we must redirect in http where the user is in product detail.
but if we do that, the user lose his session because he passes from https to http (in other words he is logged out).
We useglassfish 2.
how can we avoid this problem?
session id should be sent across
If the session id is transferred, then I think you would not face a problem