Don't do it. It has been pointed out several times that it is not recommanded to switch from https to http and stay in the same session. That would open a !!!BIG!!! security hole.
If you really know what you are doing, you can write a filter that redirects every request that came in over HTTPS (except the ones for your login pages) to HTTP. > -----Ursprüngliche Nachricht----- > Von: Drinkwater, GJ (Glen) [mailto:[EMAIL PROTECTED]] > Gesendet: Freitag, 9. August 2002 15:11 > An: '[EMAIL PROTECTED]' > Betreff: SSL just for a login page > > initial login page which sends the username and password to a > servlet that checks them against a database. I want to have > the informatin sent over ssl but then i want the user to be sent -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>