"Craig R. McClanahan" <[EMAIL PROTECTED]> wrote in message news:20021029215637.J8960-100000@;icarus.apache.org... > > > On Tue, 29 Oct 2002, Rustad, Aaron wrote: > > > Date: Tue, 29 Oct 2002 17:54:34 -0700 > > From: "Rustad, Aaron" <[EMAIL PROTECTED]> > > Reply-To: Tomcat Users List <[EMAIL PROTECTED]> > > To: 'Tomcat Users List' <[EMAIL PROTECTED]> > > Subject: RE: Force One page to not use SSL > > > > Man alive! Does this thread have to continue in this direction? Myself and > > Jeff both have similar problems, and we are requesting a common solution. I > > think we both expressed that we are aware of the consequences of our > > "security-flawed" approach to app design, yet everyone seems to think that > > this has not been thought through. > > > > Tomcat is downloaded roughly 100,000 times per month. From many many > years of experience supporting Tomcat users, I can *guarantee* you that > the vast majority of those who download Tomcat would *not* understand the > implications of being able to do this. > > > All I am asking is...does anyone know how to persist a session from HTTPs to > > HTTP. Any potential solutions are GREATLY appreciate...any other suggestions > > (even though they might be well-meaning) are discouraged. > > > > (a) It's open source. Download the source code for your favorite version > of Tomcat. Modify it to do what you want. > > (b) Spend a little more for your CPU and network bandwidth so that it's > not an issue. > > As a Tomcat committer, I will unconditionally veto any attempt to include > this mis-feature in a standard version of Tomcat. If you want a servlet > container that lets you hang yourself, please go elsewhere.
This mis-feature is in the standard version of Tomcat 3.3.1. > > > Thanks! > > Aaron. > > Craig -- To unsubscribe, e-mail: <mailto:tomcat-user-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org>
