tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 7819] New: - https and http session-semantics control
Date Sun, 07 Apr 2002 18:46:28 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=7819>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=7819

https and http session-semantics control

           Summary: https and http session-semantics control
           Product: Tomcat 4
           Version: 4.0.2 Final
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Enhancement
          Priority: Other
         Component: Unknown
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: anders.rundgren@telia.com


Many people are using https for an authentication form and then for performance 
reasons reverting to http.  Although not an ideal way of doing things it should 
IMO be supported as an option.  Exactly what this means for the Tomcat 
internals, is outside of my competence but at least the &Secure cookie 
extension should be affected.  This should be a configuration setting that 
default supports the security needs of the servlet specification, but allows 
this to be changed.

--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message