I believe you should look more at this for logout. I believe the requestQueryString should by-passed if a logout, such as a time out, is being processed.
not sure when in the backend if we want a http for inside pages. so would have to check if the app is eccommerce type. not sure that is a real clean way to do it. since you wold have make code to deal clone apps of eccomerce. Jonathon -- Improov sent the following on 12/30/2007 7:24 PM: > When callRedirect() is called, the response is committed. That means > LoginWorker fails when trying to create a new session. > > I understand that we can do "<@ofbizUrl > secure="true">logout</@ofbizUrl>". But that really looks like a > workaround. Is it wrong to call "logout" in http, rather than in https? > For efficiency, we often want only the login page in https, and the > inside pages in http. > > If you wanna fix this, it's in RequestHandler.java line 129. > > Jonathon > > >
