Greetings folks, I've ran into a little SSL snag here. Currently I have Apache 2.2 and Tomcat 6.0 configured to run and talk to each other. It seems to work even though I have ONE static page in the entire project for right now.
What I want to do: Run the Login.jsp through SSL, after successful login, drop the SSL. The entire session doesn't need encrypted, only the login and password. I was directed over here from the Tomcat Mailing list. I figured that I'd ask. I am using the Tomcat's built in j_security_check to authenticate users login's. I'm very new to SSL so please forgive me if I am asking some very basic questions. My question: Is it possible to do the above scenario? Is it practical? Am I wasting my time on this if there is a better way of doing this? Thank you. - Josh
