On Thu, Oct 29, 2009 at 2:19 PM, Octavian Râsnita orasn...@gmail.com wrote:
That's a rather odd requirement. Normally the requirement is to be
redirected to https _before_ logging in. It is, after all, the login
data, that you need to protect.
Isn't OK if the login form uses an
Hello,
I need some expert help on the following configuration task:
I have a startpage with a standard login form. After a user logs in, he
should be
redirected to use https for the rest of the session.
When I use a rewrite rule as shown below,
RewriteRule ^/login(.*)
On Thu, Oct 29, 2009 at 11:46 AM, ericdraven e...@schwagerus.de wrote:
Hello,
I need some expert help on the following configuration task:
I have a startpage with a standard login form. After a user logs in, he
should be
redirected to use https for the rest of the session.
That's a rather
I already tried this but it doesn't help, because the login- form uses the
POST method to transfer the data and there is no query string.
Krist van Besien wrote:
On Thu, Oct 29, 2009 at 11:46 AM, ericdraven e...@schwagerus.de wrote:
Hello,
I need some expert help on the following
When I use a rewrite rule as shown below,
RewriteRule ^/login(.*) https://%{SERVER_NAME}/login$1 [R,L]
the parameters get lost, because the request is translated to a GET request.
What do I need to do, to fix this problem?
Use the QSA flag, so the query string doesn't get lost.
QSA only
From: Eric Covener cove...@gmail.com
When I use a rewrite rule as shown below,
RewriteRule ^/login(.*) https://%{SERVER_NAME}/login$1 [R,L]
the parameters get lost, because the request is translated to a GET
request.
What do I need to do, to fix this problem?
Use the QSA flag, so the query
From: Krist van Besien krist.vanbes...@gmail.com
On Thu, Oct 29, 2009 at 11:46 AM, ericdraven e...@schwagerus.de wrote:
Hello,
I need some expert help on the following configuration task:
I have a startpage with a standard login form. After a user logs in, he
should be
redirected to use
OP is redirecting a POST, which is something to be avoided.
Why should a redirect after POST be avoided?
It's hairy, and the HTTP/1.1 RFC talks about potential confusion about
whether the client will re-submit the POST to the new URL [after
prompting the user] or send a GET to the new URL.
I
