> If I use the action mapping and forward to a full url specifying the
> type [http, https], then I have to do a redirect, and then the jsp
> page shows up in the url, and that is not good. So I hate that idea.

Why does the jsp have to show up in the url? Why not redirect to a full struts url, e.g., http://foo.com/bar/action1.do redirects to https://foo.com/bar/action2.do and action 2 forwards to a jsp.

I had this same issue last week - log on page had to be ssl, but rest of site not. So, I just make the link to login.do a full link inc https and sessionid, and make the login success forward redirect to the non ssl full link. Worked a treat.

The biggest problem I came across was that the site runs on www.foo.com, but ssl is on foo.com, and tomcat doesn't seem to let you set a domain for session cookies (PLEASE TELL ME IF I AM WRONG!!!), so I had to bodge it: I added a servlet filter that checks for a session, and if it's new, sets an extra cookie for the base domain.

> Then I found the sslext at sourceforge ... but cannot find any
> information on how this works, how to configure, etc. And the mailing
> lists look like a ghost town.

Never used it so I can't comment.

Daniel.
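
The servlet filter workaround described in the message above, sketched as an added example that is not the poster's code. The class name, the base domain value and the cookie name are assumptions, and it targets the javax.servlet API (Servlet 3.0 or later for `setHttpOnly`).

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/** Hypothetical filter: re-issues the session cookie for the base domain. */
public class BaseDomainSessionCookieFilter implements Filter {

    // Assumptions: base domain taken from the hosts named in the message;
    // cookie name is the servlet container's default session cookie name.
    private static final String BASE_DOMAIN = "foo.com";
    private static final String SESSION_COOKIE = "JSESSIONID";

    public void init(FilterConfig config) {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest && res instanceof HttpServletResponse) {
            HttpServletRequest request = (HttpServletRequest) req;
            // Create the session here, before the response is committed, so the
            // extra cookie can still be written into the response headers.
            HttpSession session = request.getSession(true);
            if (session.isNew()) {
                Cookie c = new Cookie(SESSION_COOKIE, session.getId());
                // Browsers following RFC 6265 send this to foo.com and its subdomains.
                c.setDomain(BASE_DOMAIN);
                c.setPath(request.getContextPath() + "/");
                c.setMaxAge(-1);      // session cookie, dropped when the browser exits
                c.setHttpOnly(true);  // keeps the id out of reach of page scripts
                // Secure is not set: the design in the message reuses the session on
                // the non-SSL pages, so the id also travels over plain HTTP there.
                ((HttpServletResponse) res).addCookie(c);
            }
        }
        chain.doFilter(req, res);
    }

    public void destroy() {}
}
```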