>From http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html -- "Any pages which absolutely require a secure connection should check the protocol type associated with the page request and take the appropriate action of https is not specified."
Also, "When running Tomcat primarily as a Servlet/JSP container behind another web server, such as Apache or Microsoft IIS, it is usually necessary to configure the primary web server to handle the SSL connections from users. Typically, this server will negotiate all SSL-related functionality, then pass on any requests destined for the Tomcat container only after decrypting those requests. Likewise, Tomcat will return cleartext responses, that will be encrypted before being returned to the user's browser. In this environment, Tomcat knows that communications between the primary web server and the client are taking place over a secure connection (because your application needs to be able to ask about this), but it does not participate in the encryption or decryption itself." However, when I check "request.getProtocol()" I get "HTTP/.1.1" even when I'm connecting via SSL (url shows https: and browser shows "lock" and confirms 128 bit SSL) -- what gives? --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]