Hello Using DSpace 1.4.2 and Tomcat5, I enabled HTTPS for the password-related pages/servlets by following the instructions at http://wiki.dspace.org/index.php/ServletSecurity. This works fairly well, i.e. the user is automatically redirected to HTTPS while logging in, and after successful authentication he somehow gets redirected back to plain HTTP.
However, in some situations the user gets "stuck" on the https site (which causes an unnecessary burden on the server). E.g. if an authenticated user clicks on Edit Profile (/profile) servlet, he's redirected to HTTPS and never gets back to HTTP. Does anyone have a neat and easy solution to this? Or an explanation of how the redirecting-back-to-http-after-logging-in is implemented? (I know that this issue could be avoided by doing the entire SSL thing in Apache running a mod_jk connector as a front-end for Tomcat, but I'd like to keep the setup nice and clean -- which means leaving Apache out of the game.) Best regards Mathias Hjelt ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech
