-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dave,
Dave wrote: | The url is not changed when I point to | http://www.mydomain.com/login.html in browser. The .html is mapped to | servlet. I expected it to change to https://.... I think David identified part of the problem: your XML is not set up properly. Check out the DTD (or Schema) to see where the <transport-guarantee> goes, and try again. | Even start with https, if url-rewriting is used for session | tracking(sessionid in url), it is not secure anymore, right? Correct. To really have a secure system, you need to use HTTPS all the time and always use cookie-based session tracking. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkewsvgACgkQ9CaO5/Lv0PA/yQCfWHMKGjDBPg0k2O5XJtlf9hFr sNMAn044vYvhYx52FD3FWRjKFwX52ymx =42yE -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
