i should have mentioned the request headers, not session headers. Thanks. On Wed, May 5, 2010 at 11:58 PM, Chuck Hill <[email protected]>wrote:
> > On May 5, 2010, at 1:32 AM, Cheong Hee wrote: > > Just to ensure i don't pretend to understand well... >> What are the headers of each page, you meant session headers or some >> attributes defined for secured pages? >> > > The HTTP headers. See context().request().headers() > > > > >> You need to check the headers on each page that should be SSL protected >>> to ensure that access was from an https URL. If not, redirect to the https >>> version or show an error message. Otherwise, yes, the user could access >>> the secure parts in an unencrypted manner. >>> >>> Chuck >>> >>> >> Cheers >> >> Cheong Hee >> > > -- > Chuck Hill Senior Consultant / VP Development > > Practical WebObjects - for developers who want to increase their overall > knowledge of WebObjects or who are trying to solve specific problems. > http://www.global-village.net/products/practical_webobjects > > > > > > > >
_______________________________________________ Do not post admin requests to the list. They will be ignored. Webobjects-dev mailing list ([email protected]) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com This email sent to [email protected]
