Thilani wrote: > After successfully login I want to direct users to http connection
That is a really bad idea. If the threats to your system are such that you need to protect the login process using SSL then you should be providing the same level of protection for your session ID and running everything post authentication over SSL. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
