-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Prashant,
Prashant Kalkar wrote: | I am trying to use HTTPs for my login page. After the logging is done the | subsequent pages should use HTTP. | | I succeeded in using HTTPs for login page. but after login page the | redirection from HTTPs to HTTP is not happening. All the pages are using | HTTPs. | | I configured the security-constraint as CONFIDENTIAL only for the login page | url. Are you explicitly sending the user back to HTTP in any way? If you don't, the browser will simply continue to use https:// URLs. | Also while I searched on this issue on net and found a possible problem as | the session created in HTTPS can not be used in HTTP, so the session should | be first created in HTTP. Correct. This is actually cookie "feature", not exactly Tomcat-related. | So I created the session using request.getSession(true) in a filter before | redirecting to the login page. But it still not working. What is the URL that redirects to your HTTPS login page? After login, what steps do you take? - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEUEARECAAYFAkgGQzEACgkQ9CaO5/Lv0PB/ywCdFklWOfSJHMcLHCEMHeUWbQQb 7L8AmPUjKnb/TxNUptW7ly4G/HY37ic= =+zko -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
