Boyle Owen wrote:
Let's focus on this bit:
however whenever there is an incoming POST
from a form in the web application, the response from the
Tomcat causes
a switch to HTTP, where I need it to remain HTTPS.
I'm not sure I completely understand.. When you say, "causes a switch to HTTP", I assume
you mean that after you submit the form, the browser address window changes to "http"
(typically, this would be the acknowledgement page). If so, then the browser must be getting a
redirect that tells it to do this.
If not, can you explain in more detail exactly what happens at this point.
Well, essentially, what I'm trying to accomplish is this method of load
balancing:
http://tomcat.apache.org/tomcat-5.0-doc/balancer-howto.html#Using%20Apache%202%20with%20mod_proxy%20and%20mod_rewrite
but have the connection between the browser and the Apache httpd be over
https instead of http.
The problem that I'm seeing is that some of the URLs that come from the
Tomcat managed application lose the https and revert back to http. It
looks like it happens only in actions that originate from the web
application. When I posted my message yesterday, I suspected that it
had something to do with POST, but upon further investigation, I think
it happens with any URL, which originates from Tomcat, (and
consequently, it happens with POST request processing, since the
resulting URL is determined by the web application).
For example, there is a login screen in the web application. Getting
to the login screen over https is no problem, and it renders correctly.
When I fill in the user id and password and click the login button, this
causes the form to be submitted to the servlet which processes it and
determines the forwarding action (i.e. the URL the first screen of the
application). The problem is that the URL of this forwarding action is
now HTTP instead of HTTPS when it gets back to the browser.
I hope that makes it a little clearer, it's kind of difficult to explain
in email messages.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
