Gregor Schneider wrote:
> On Tue, Jan 6, 2009 at 9:13 PM, Diego Armando Gusava
> <diegogus...@gmail.com> wrote:
>> no man, example, email
>>
>> when u login, your username and password will be transport https, but
>> after that, you are in http! u dont need https because, you are only
>> reading messages(emails)
>>
>
> Then just phrase your url-pattern in your security-constraint-section
> accordingly - should work.

It won't. Tomcat won't let a session created under HTTPS transition to
HTTP as the session ID is effectively the password. If the password
needed HTTPS then the session ID does too.

Mark
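
Added example, not part of the original thread: a web.xml fragment that keeps the whole session on HTTPS, in line with the point above that the session ID needs the same protection as the password. The resource name and URL patterns are assumptions, and the cookie-config element requires Servlet 3.0 or later.

```xml
<!-- WEB-INF/web.xml fragment (added example; names and patterns are assumptions) -->

<!-- Weak: a constraint covering only <url-pattern>/login/*</url-pattern>
     encrypts the password but leaves the session ID, which authenticates
     every later request, to travel over plain HTTP. -->

<!-- Corrected: require TLS for every URL that uses the session. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Entire application</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<!-- Servlet 3.0+ only: mark the session cookie Secure so the browser
     never sends it over HTTP, and HttpOnly so scripts cannot read it. -->
<session-config>
  <cookie-config>
    <http-only>true</http-only>
    <secure>true</secure>
  </cookie-config>
</session-config>
```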