Hi
First thanks for your answer.
>
>Date: 14 Jun 2002 12:33:35 -0400
>To: [EMAIL PROTECTED]
>From: Vivek Khera <[EMAIL PROTECTED]>
>Subject: Re: location of LoginScript in Apache::AuthCookie* modules
>Message-ID: <[EMAIL PROTECTED]>
>
>>>>>> "ED" == Eric Doutreleau <[EMAIL PROTECTED]> writes:
>
>ED> Right now i would like to make user authenticate throug a SSL
>ED> page.
>ED> In order to do that i modify the configuration script to use
>
>ED> PerlSetVar WhatEverLoginScript https://corbeau/perl/login.pl
>
>Well, in order to be able to get the original location, this has to be
>done via an internal redirect. When you switch protocols (ie, from
>http to https) you cannot do internal redirect.
>
I was indeed afraid of that.
>But really, your login page doesn't need to be ssl secured as there is
>no information in it. What you want is the target of the from in that
>page to be aimed at an SSL URL. That's the transaction you want
>secured, since that's where the id/password are sent.
>
Well
what i want to secure is the sending of the login/ password.
But i don t want at all to send the html pages in sll.
Therefore i want to switch on ssl for sending the login and password and
switch back to http after when i set the cookie.
Is that possible?
>--
>=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>Vivek Khera, Ph.D.Khera Communications, Inc.
>Internet: [EMAIL PROTECTED] Rockville, MD +1-240-453-8497
>AIM: vivekkhera Y!: vivek_khera http://www.khera.org/~vivek/
>
>--