On Mon, 28 Oct 2002, Rustad, Aaron wrote:
> Date: Mon, 28 Oct 2002 17:48:40 -0700 > From: "Rustad, Aaron" <[EMAIL PROTECTED]> > Reply-To: Tomcat Users List <[EMAIL PROTECTED]> > To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> > Subject: Force One page to not use SSL > > I am trying to force one page NOT to use HTTPS and still maintain the > session. I have looked in mailing list, and all I see is how you are not > supposed to do this. Well, I really...really...really need to do this and > yes, I understand that I shouldn't. > > So, if anyone knows how I can maintain the session that is given to my > client from HTTPS -> HTTP I would greatly appreciate it. > There is no support for this because it would be a huge security hole. For much discussion on this topic, check the mailing list archives. > Some background: > > 1. IIS as a front for Tomcat 4.0.1. > 2. Using AJP13 > > Thanks! > Aaron. Craig -- To unsubscribe, e-mail: <mailto:tomcat-user-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org>