> your site is http, but post-login, it changes to https Ohh, I guess you mean pre-login. Like one could be browsing a site using HTTP. Then, when clicking a login link or payment link one would get to a HTTPS page at which the credentials are entered. So, the credentials are encrypted as well.
Yes, I assume Gavin's idea to rotate the cookie whenever the protocol changes might be good. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4050712#4050712 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4050712 _______________________________________________ jboss-user mailing list [email protected] https://lists.jboss.org/mailman/listinfo/jboss-user
