tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: How to redirect from HTTPS to HTTP
Date Sun, 30 Aug 2009 18:54:33 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thilani,

On 8/29/2009 9:23 AM, Thilani wrote:
> I am developing a web application which is require login for users. I want
> to use HTTPS for login only.

Your biggest problem will be maintaining the session id across the
HTTP->HTTPS switch. See this message for an idea of what you will
probably have to do:

http://markmail.org/message/xj3o23n5ke4z2kbl

I agree with Mark's assertion that secure logins really ought to be
coupled with secure traffic for the entire session.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkqayukACgkQ9CaO5/Lv0PDfMQCeLPslcUVO6PUhiM5uG9oFs0Wx
neAAoJxmYcoh32JHsJ4SDO9pESx69EYB
=8CSH
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message