On Tue, 29 Oct 2002, Rustad, Aaron wrote:

> Date: Tue, 29 Oct 2002 17:54:34 -0700
> From: "Rustad, Aaron" <[EMAIL PROTECTED]>
> Reply-To: Tomcat Users List <[EMAIL PROTECTED]>
> To: 'Tomcat Users List' <[EMAIL PROTECTED]>
> Subject: RE: Force One page to not use SSL
>
> Man alive! Does this thread have to continue in this direction? Myself and
> Jeff both have similar problems, and we are requesting a common solution. I
> think we both expressed that we are aware of the consequences of our
> "security-flawed" approach to app design, yet everyone seems to think that
> this has not been thought through.
>

Tomcat is downloaded roughly 100,000 times per month. From many, many years of experience supporting Tomcat users, I can *guarantee* you that the vast majority of those who download Tomcat would *not* understand the implications of being able to do this.

> All I am asking is...does anyone know how to persist a session from HTTPS to
> HTTP. Any potential solutions are GREATLY appreciated...any other suggestions
> (even though they might be well-meaning) are discouraged.
>

(a) It's open source. Download the source code for your favorite version of Tomcat. Modify it to do what you want.

(b) Spend a little more for your CPU and network bandwidth so that it's not an issue.

As a Tomcat committer, I will unconditionally veto any attempt to include this mis-feature in a standard version of Tomcat. If you want a servlet container that lets you hang yourself, please go elsewhere.

> Thanks!
> Aaron.

Craig
