no
-Tim
August Detlefsen wrote:
In my webapp I force clients to use SSL encryption for logins with a
security constraint and transport-guarantee elements like this:
<security-constraint>
<web-resource-collection>
<web-resource-name>Login</web-resource-name>
<url-pattern>/login/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
However, once a user hits the login page, every subsequent page also
uses https. Is there a way to force them back to regular http once they
leave the login section?
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]