tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Diego Armando Gusava" <diegogus...@gmail.com>
Subject Re: j_security_check with https
Date Tue, 06 Jan 2009 20:13:47 GMT
no man, example, email

when u login, your username and password will be transport https, but
after that, you are in http! u dont need https because, you are only
reading messages(emails)

2009/1/6 Caldarale, Charles R <Chuck.Caldarale@unisys.com>:
>> From: Diego Armando Gusava [mailto:diegogusava@gmail.com]
>> Subject: Re: j_security_check with https
>>
>> when i try to access mySecurePath for example, tomcat show me a login
>> page with https but after that i dont need for example be with https,
>> because i only need to send protected username and password.
>>
>> i want to only need login.jsp with https!!
>
> You cannot switch a secure (HTTPS) session to an insecure transport (HTTP) - your login
would be worthless if you could.  Once you log in via SSL, you'll need to stay with HTTPS
to utilize the session.
>
>  - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and
is thus for use only by the intended recipient. If you received this in error, please contact
the sender and delete the e-mail and its attachments from all computers.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message