tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: How to redirect from HTTPS to HTTP
Date Sat, 29 Aug 2009 19:04:30 GMT
Thilani wrote:
> After successfully login I want to direct users to http connection

That is a really bad idea. If the threats to your system are such that
you need to protect the login process using SSL then you should be
providing the same level of protection for your session ID and running
everything post authentication over SSL.

Mark




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message