httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Scott Gifford <>
Subject Re: [users@httpd] Need some SSL help please.
Date Fri, 07 Aug 2009 15:20:46 GMT
Josh Gooding <> writes:


> Run the Login.jsp through SSL, after successful login, drop the SSL.  The
> entire session doesn't need encrypted, only the login and password.  

Sure, that's possible.  The general strategy is to accept the username
and password on a secure connection, and if they are correct generate
a session ID which can be used for future authentication.  You can
return this to the browser in a form or the URL (maybe in a cookie,
not sure if cookies can be passed between HTTP and HTTPS sites), and
the non-encrypted part of your application would just check that the
session ID is valid.

I don't know of an Apache module that will do this for you, and I
don't know anything about Tomcat, but at a high level that's a common

Hope this helps,


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message