> > I have Tomcat 4 running fine with both http and https protocols. > > I would like to use http for serving most of the documents and > > only j_security_check (form based login) should be done over > > https. How can I configure this? > > > > There is no way to configure this.
Thanks, Craig! Now I am a bit lost. Would it make sense then to have a whole site served over https? What are the best practices of secureing login information as well as session id cookie? with best wishes, Taavi