tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dirk ooms <d...@onesparrow.com>
Subject Re: only https on login form
Date Thu, 06 Jul 2006 07:26:15 GMT
Mark,

Thanks for your answer. So is it common practice to keep the complete session 
encrypted even if one only desires encrypted authentication?

cheers,
dirk

On Thursday 06 July 2006 03:01, Mark Thomas wrote:
> dirk ooms wrote:
> > Is there a way to do this or am i missing something?
>
> Not without writing some custom code. Your first security-constraint
> will be ignored unless the user directly requests the login page
> (which will give a different error).
>
> Mark
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message