tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam Hardy <ahardy.str...@cyberspaceroad.com>
Subject Re: https --> http session problem
Date Wed, 19 Nov 2003 08:59:25 GMT
On 11/19/2003 03:58 AM Henrik Bentel wrote:
> Had an application which had 3 different types of users:
> One group should be authenticated using https only to protect password, 
> then switch to http, but sometimes switch back to https again.

This is my main requirement.

Ideally what I would like to see in the servlet spec is something 
stating that another login is required if you want to change to a higher 
level of security.

i.e. you can downgrade from https to http no problem, but if logged-in 
users want to go from http to https, they have to login again.


Adam
-- 
struts 1.1 + tomcat 5.0.12 + java 1.4.2
Linux 2.4.20 RH9

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message