(keitai-l) Re: AU Phones, Cookies and SSL

From: marcus saw <saw_marcus_at_yahoo.com>
Date: 08/12/05
Message-ID: <20050812054940.14155.qmail@web30714.mail.mud.yahoo.com> 
Hi Curt,
 
You asked which browser this has worked for me on.  I have verified this type of session handling over SSL on the following Japanese keitai browser versions ( not the full list ): DoCoMo/1.0, DoCoMo/2.0, UP.Browser/3.04 (HDML), UP.Browser/6.2.0.9 ( XHTML ), J-PHONE/4.3, Vodafone/1.0
 
The phones connected initially on http creating a session, stored user specific data to the session, then redirected ( by code ) to https, retained the session information added some more and then redirected back to the http and all was well.
 
Not all handsets in circulation support SSL but most phones less than a year old and and all the latest releases do.  
 
Hope that helps?
 
 
Marcus.
http://cellsuite.blogspot.com

Curt Sampson <cjs@cynic.net> wrote:
On Thu, 11 Aug 2005, marcus saw wrote:

> Try URL re-writing to pass a session ID and store all the data in the
>session on your server instead of a cookie.

The only thing I store in the cookie is the session ID anyway. But that
is what I ended up doing; when I redirect from an http page to an https
page, I always rewrite that URL, even if I have URL rewriting turn off.
That lets the new page handler find the session without a cookie, and I
then issue a new cookie at that point.

> Keitais don't accept cookies as a rule, but you said you sent one so
>now I am confused.. Is this a new feature or have I got the wrong end
>of the stick?

AU keitai do accept and return cookies. Except in this one special case,
it seems.

> I have done something similar to what you seem to be doing with
>re-directing pages to https versions and I used sessions to hold all
>the user specific data and it worked perfectly.

But worked on what browser? I think I mentioned that it works fine for
me with Mozilla.

> Also are you using a full 'verisign' certificate, because thats the
>only type that the phones will allow without giving you an annoying
>'nag' message.

Yes, I'm using a certificate signed by a certificate in the phone's
internal list. In fact, AU phones (or at least my two examples) will
refuse to connect to sites with a certificate not signed by one of
these.

cjs
-- 
Curt Sampson +81 90 7737 2974

*** Contribute to the Keitai Developers' Wiki! ***
*** http://www.keitai-dev.net/ ***


This mail was sent to address saw_marcus@yahoo.com
Need archives? How to unsubscribe? http://www.appelsiini.net/keitai-l/ 



Send instant messages to your online friends http://uk.messenger.yahoo.com
Received on Fri Aug 12 08:49:43 2005