tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam Hardy <>
Subject Re: https --> http session problem
Date Wed, 19 Nov 2003 08:59:25 GMT
On 11/19/2003 03:58 AM Henrik Bentel wrote:
> Had an application which had 3 different types of users:
> One group should be authenticated using https only to protect password, 
> then switch to http, but sometimes switch back to https again.

This is my main requirement.

Ideally what I would like to see in the servlet spec is something 
stating that another login is required if you want to change to a higher 
level of security.

i.e. you can downgrade from https to http no problem, but if logged-in 
users want to go from http to https, they have to login again.

struts 1.1 + tomcat 5.0.12 + java 1.4.2
Linux 2.4.20 RH9

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message