> From: Art [mailto:[EMAIL PROTECTED] > Subject: Re: standard Apache 2.2 & Tomcat 5.5 config to avoid > open-proxies > > Since 5.5, I really like the performance of a pure Tomcat solution and > would alway choose this option, but in order to use SSL with > my webapp I need to use it:
SSL in Tomcat works fine. Dropping back from https to http *on the same session id* is a security risk, which is why Tomcat won't do that. The usual trick is to insure that the webapps use different sessions for the protected and unprotected areas. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
