Hi All I have a shopping site which I have built using Struts 1.1 and Tomcat 5.5 (if that matters).
If the user tries to checkout with a purchase, with out a valid session they are forwarded to the "Sign On" page. For security, once the user "signs on" they are transferred to the SSL version of the site. I have done this by having the <forward> redirect to an absolute path with the url containing the https request header. Ie <forward name="success" redirect="true" path="https://DOMAIN-NAME/shop/index.shtml"/> Maybe this is the wrong thing to do? It is however possible for the user to leave the SSL version of the site and then proceed with their purchase without forcing the user back to SSL. My question is What is the best way to ensure that once a user has signed on that all transactions are via the SSL? -- Tim Coy Timco Electronics Pty Ltd [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
