On 11/03/2010 12:24, Cummins College wrote:
Hi,
I know that https by enabling the secure attribute to true.
No. More is required.
But what if I want to "disable" the http connector?
You don't. You just want to force the user to use HTTPS, which is not
the same thing at all.
To elaborate, I want the https connector to be disabled when http runs and
vice versa.
Again, no you don't.
Worse, you don't usually want to redirect a secure session back to HTTP,
unless the user is being logged out.
> What changes should be done?
Read the Servlet Spec, it provides for this requirement, as Mikolaj
hinted. "transport-guarantee" is a setting in your web.xml.
However, not by changing the secure attribute.
We know most of you dont exactly agree or approve of our idea about fiddling
with the http connector, but please do help!
It's not a case of agree or approve, your idea/understanding is just
wrong and you've already wasted many hours trying to making it work.
Disabling the HTTP/S connector will affect *all* users, not just a
single one. Please confirm that you understand this.
p
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
