(keitai-l) Re: AU Phones, Cookies and SSL

From: Curt Sampson <cjs_at_cynic.net>
Date: 08/12/05
Message-ID: <Pine.NEB.4.62.0508121049470.5468@angelic.cynic.net>
On Thu, 11 Aug 2005, marcus saw wrote:

> Try URL re-writing to pass a session ID and store all the data in the
>session on your server instead of a cookie.

The only thing I store in the cookie is the session ID anyway. But that
is what I ended up doing; when I redirect from an http page to an https
page, I always rewrite that URL, even if I have URL rewriting turn off.
That lets the new page handler find the session without a cookie, and I
then issue a new cookie at that point.

> Keitais don't accept cookies as a rule, but you said you sent one so
>now I am confused.. Is this a new feature or have I got the wrong end
>of the stick?

AU keitai do accept and return cookies. Except in this one special case,
it seems.

> I have done something similar to what you seem to be doing with
>re-directing pages to https versions and I used sessions to hold all
>the user specific data and it worked perfectly.

But worked on what browser? I think I mentioned that it works fine for
me with Mozilla.

> Also are you using a full 'verisign' certificate, because thats the
>only type that the phones will allow without giving you an annoying
>'nag' message.

Yes, I'm using a certificate signed by a certificate in the phone's
internal list. In fact, AU phones (or at least my two examples) will
refuse to connect to sites with a certificate not signed by one of
these.

cjs
-- 
Curt Sampson  <cjs@cynic.net>   +81 90 7737 2974

***   Contribute to the Keitai Developers' Wiki!   ***
***           http://www.keitai-dev.net/           ***
Received on Fri Aug 12 05:11:06 2005