-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Robert,

On 11/10/2009 5:07 AM, Robert Denison wrote:
> if (logged in) {
>   if (https) goto http
> } else {
>   if (http) goto https
> }

I've outlined this in another post, but I'll repeat it here:

1. Modify your login page to check for HTTPS. If the request isn't
secure, redirect back to yourself in HTTPS mode.

2. Write a filter that checks for secure mode. If you're in secure mode,
do the following:

  a. Check for a JSESSIONID cookie. If one exists and it's in
     secure mode, create a new cookie with the same name, path,
     and value, but make sure it's /not/ in secure mode. Add this
     to the response.

  b. Redirect back to yourself in HTTP mode.

I believe the above combination will get you what you're looking for.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkr5zE4ACgkQ9CaO5/Lv0PDd3QCgmcskkwkUodIxKKzwI/rdQIR/
WUEAn33AejWyKyk5S8jjK/1QX84qjvj+
=2P/v
-----END PGP SIGNATURE-----
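
Step 2 of the message above as a servlet filter, added here as an example and not code posted in this thread. The class name `SessionToHttpFilter`, the `HTTP_PORT` value and the URL mapping are assumptions.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical filter; map it to post-login URLs only (not the login page
// or its form target), otherwise it fights the step 1 redirect in a loop.
public class SessionToHttpFilter implements Filter {
    private static final int HTTP_PORT = 8080; // assumed plain-HTTP connector port

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        // Step 2: act only on GET requests that arrived over HTTPS
        // (a redirect would drop a POST body).
        if (!request.isSecure() || !"GET".equals(request.getMethod())) {
            chain.doFilter(req, res);
            return;
        }
        // Step 2a: the browser sends only name=value, so the Secure flag and path
        // are not readable here; a JSESSIONID arriving over HTTPS is treated as the
        // secure one, and the path is rebuilt from the context path.
        Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            for (Cookie c : cookies) {
                if ("JSESSIONID".equals(c.getName())) {
                    Cookie copy = new Cookie(c.getName(), c.getValue());
                    String ctx = request.getContextPath();
                    copy.setPath(ctx.isEmpty() ? "/" : ctx);
                    copy.setSecure(false); // sent over HTTP as well from now on
                    response.addCookie(copy);
                }
            }
        }
        // Step 2b: redirect the same URI to the HTTP connector.
        StringBuilder url = new StringBuilder("http://").append(request.getServerName())
                .append(':').append(HTTP_PORT).append(request.getRequestURI());
        if (request.getQueryString() != null) {
            url.append('?').append(request.getQueryString());
        }
        response.sendRedirect(url.toString());
    }
}
```

Once the copy is set, the session ID is sent in clear text on every HTTP request, so only the login exchange itself stays encrypted.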
