From: "Krist van Besien" <krist.vanbes...@gmail.com>
On Thu, Oct 29, 2009 at 11:46 AM, ericdraven <e...@schwagerus.de> wrote:
Hello,
I need some expert help on the following configuration task:
I have a startpage with a standard login form. After a user logs in, he
should be
redirected to use https for the rest of the session.
That's a rather odd requirement. Normally the requirement is to be
redirected to https _before_ logging in. It is, after all, the login
data, that you need to protect.
Isn't OK if the login form uses an action="https://..."; attribute?
The request would be made using HTTPS, not HTTP, so it should be protected,
no matter that the original page was using HTTP.
Thanks.
Octavian
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
