-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thilani,
On 8/29/2009 9:23 AM, Thilani wrote: > I am developing a web application which is require login for users. I want > to use HTTPS for login only. Your biggest problem will be maintaining the session id across the HTTP->HTTPS switch. See this message for an idea of what you will probably have to do: http://markmail.org/message/xj3o23n5ke4z2kbl I agree with Mark's assertion that secure logins really ought to be coupled with secure traffic for the entire session. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkqayukACgkQ9CaO5/Lv0PDfMQCeLPslcUVO6PUhiM5uG9oFs0Wx neAAoJxmYcoh32JHsJ4SDO9pESx69EYB =8CSH -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
