In technical terms, I don't think it does because a cookie has been
set for that host and/or path, so if you access the same host/path
with a different scheme I think the cookie is still valid.
In practical terms, I think it has to work that way, or else we'd
break the style of application that uses HTTP pages except for an
HTTPS login or personal information entry page -- where the user is
essentially expected to go back and forther between HTTP and HTTPS as
part of the same sequence and without logging in again or being
forgotten.
Thanks,
Aaron
On 1/18/06, Vamsavardhana Reddy <[EMAIL PROTECTED]> wrote:
> Consider the following scenario.
>
> After starting Geronimo, open a browser window and access
> http://localhost:8080/console/portal/welcome . Browser
> displays the login page. After entering the userid/ password and clicking
> on Login button, browser displays welcome page at
> http://localhost:8080/console/portal/welcome . Now,
> through the same browser window, access the URL
> https://localhost:8443/console/portal/welcome . At this step, the browser
> displays the welcome page without asking for login information. Doesn't the
> web application require authentication again at this step?
>
>
>
>
>
