tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: how to auto redirect to https from http
Date Mon, 11 Feb 2008 20:41:28 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dave,

Dave wrote:
| The url is not changed when I point to
| http://www.mydomain.com/login.html in browser. The .html is mapped to
|  servlet. I expected it to change to https://....

I think David identified part of the problem: your XML is not set up
properly. Check out the DTD (or Schema) to see where the
<transport-guarantee> goes, and try again.

| Even start with https, if url-rewriting is used for session
| tracking(sessionid in url), it is not secure anymore, right?

Correct. To really have a secure system, you need to use HTTPS all the
time and always use cookie-based session tracking.

- -chris

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkewsvgACgkQ9CaO5/Lv0PA/yQCfWHMKGjDBPg0k2O5XJtlf9hFr
sNMAn044vYvhYx52FD3FWRjKFwX52ymx
=42yE
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message