<<< "Fabrizio Pivari" <[EMAIL PROTECTED]> 10/ 7 10:47a >>>
>I've tested HTTPS with Client Authentication and
>it works good to me. After the initial Client
>Authentication with HTTPS I'd like to pass all
>on HTTP (more speedy) preserving the user access.
>Is it possible? Can you suggest me how I can
>configure this?
It'd require being a little sneaky, but I'd think a good way to go about
this would be setting a cookie with a session identifier with a 0
expiration. Of course, this is only as trustworthy as the network,
because anybody sniffing the wire after the session switches to HTTP can
steal the session ID cookie and start using it, posing as your
"authenticated" client. <shrug>
--Cliff
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
