I am working on a web application that should use different domains for access via http and https. Now I am faced with the following problem: while the user accesses the http domain, some information is stored inside the session. When the user makes the transition to https, the information the user is in belongs to the user (since the session identifier is stored in a cookie that is associated with the http domain).
How can I reconnect the correct session to the user after he switched domains?
Is it possible to execute any java code before the redirect caused by requires-channel="https"?
Edit: I thought there might be something specific in Spring Security, but so far I have not been able to find anything in the documentation.
Edit 2: It just turned out what I probably needed to do was replace ChannelProcessingFilter with a custom implementation. But I don’t know what I need to do to ensure Spring is safe to accept my new class instead of the standard ChannelProcessingFilter. Note. I am using Spring 3.0.
source
share