Mark,
Thanks for your answer. So is it common practice to keep the complete session
encrypted even if one only desires encrypted authentication?
cheers,
dirk
On Thursday 06 July 2006 03:01, Mark Thomas wrote:
dirk ooms wrote:
Is there a way to do this or am i missing something?
Not
Hi List,
I am using a form-based login in my Tomcat application. My intention was to
use https on the login form page, but once the user is logged in, http would
be ok for further interaction (my main concern was not to send the password
in the clear).
I had hoped to obtain this behavior with
dirk ooms wrote:
Is there a way to do this or am i missing something?
Not without writing some custom code. Your first security-constraint
will be ignored unless the user directly requests the login page
(which will give a different error).
Mark