tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <craig...@apache.org>
Subject RE: switch between http and https. how?
Date Sat, 27 Oct 2001 01:07:23 GMT


On Fri, 26 Oct 2001, Taavi Tiirik wrote:

> Date: Fri, 26 Oct 2001 17:16:19 +0200
> From: Taavi Tiirik <taavi@ibs.ee>
> Reply-To: tomcat-user@jakarta.apache.org
> To: tomcat-user@jakarta.apache.org
> Subject: RE: switch between http and https. how?
>
> > > I have Tomcat 4 running fine with both http and https protocols.
> > > I would like to use http for serving most of the documents and
> > > only j_security_check (form based login) should be done over
> > > https. How can I configure this?
> > >
> >
> > There is no way to configure this.
>
> Thanks, Craig!
>
> Now I am a bit lost. Would it make sense then to have a whole
> site served over https?

If you are concerned about someone hijacking your session, that's pretty
much the only choice.

> What are the best practices of
> secureing login information as well as session id cookie?
>
> with best wishes,
> Taavi
>
>
>

Craig



--
To unsubscribe, e-mail:  <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message