.
Not the best solution, but with deadline looming it did the job.
Later, when switching with Struts, this ported nicely(if you can call it
that) by extending sslext.
In the end I wish this was covered by the servlet spec.
Does anybody know how other containers behave(Jetty, Resin, etc)?
-Henrik
this in mod_ssl
user group, but if anybody here konws a lot easier)
3. more of a question: should I configure 2 coyote connectors, one for http
and one for https in tomcat? Even when apache is doing all the certificate
management?
hope someone can help
Henrik Bentel
the
security point of view, this is worse than useless (worse because it gives
you a false sense of confidence).
Craig
Craig R. McClanahan wrote:
On Fri, 18 Oct 2002, Henrik Bentel wrote:
Date: Fri, 18 Oct 2002 23:07:17 +
From: Henrik Bentel [EMAIL PROTECTED]
Reply-To: Tomcat Users
.
From: Henrik Bentel [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: problem with session tracking and redirection http--- https
Date: Thu, 17 Oct 2002 04:45:21 +
ok, I see your point.
My approach is that I only use https to scramble
tracking and redirection http--- https
Date: Fri, 18 Oct 2002 14:13:40 -0700
is the request method changing in redirection, for example post to get ??
if it is, use HttpServletResponse.encodeURL()
Henrik Bentel wrote:
Another weird behaviour I just discovered is the following:
If a httpsession
Help!
I recently tried to upgrade my version of Tomcat from 3.3 to 4.1(I also
tried 4.0). My problem is that for some reason the httpsession is lost after
redirection from https to http. I run apache in front of tomcat to handle
static content plus certificate. My webapp depend on the ability
ok, I see your point.
My approach is that I only use https to scramble the login request itself,
so that a login password cannot be read,or sniffed, in clear text(it
probably still can, if someone really, really tries). Nothing critical is
stored in the http session itself.
A lot of websites