Mark, Thanks for your answer. So is it common practice to keep the complete session encrypted even if one only desires encrypted authentication?
cheers, dirk On Thursday 06 July 2006 03:01, Mark Thomas wrote: > dirk ooms wrote: > > Is there a way to do this or am i missing something? > > Not without writing some custom code. Your first security-constraint > will be ignored unless the user directly requests the login page > (which will give a different error). > > Mark > > --------------------------------------------------------------------- > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]