> From: Gregor Schneider [mailto:rc4...@googlemail.com] > Subject: j_security_check & SSL > > is there any way to achieve encryption for the > Login-process without a valid SSL-cert?
We normally use a self-signed certificate. That does pop up a browser message to that effect, which might scare off clients that haven't been forewarned. Note that if the login is performed under HTTPS, the generated session is only for HTTPS; falling back to HTTP will result in use of a different session object. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
