|Rustad, Aaron||Oct 28, 2002 4:48 pm|
|Craig R. McClanahan||Oct 28, 2002 8:36 pm|
|Nicholas Pappas||Oct 29, 2002 7:44 am|
|Rustad, Aaron||Oct 29, 2002 7:45 am|
|Srinadh Karumuri||Oct 29, 2002 9:17 am|
|Pae Choi||Oct 29, 2002 12:54 pm|
|Schnitzer, Jeff||Oct 29, 2002 3:56 pm|
|Dan Lipofsky||Oct 29, 2002 4:11 pm|
|Justin Ruthenbeck||Oct 29, 2002 4:19 pm|
|Rustad, Aaron||Oct 29, 2002 4:54 pm|
|Craig R. McClanahan||Oct 29, 2002 9:55 pm|
|Craig R. McClanahan||Oct 29, 2002 10:00 pm|
|Bill Barker||Oct 29, 2002 10:49 pm|
|Craig R. McClanahan||Oct 29, 2002 10:54 pm|
|Ralph Einfeldt||Oct 30, 2002 12:06 am|
|Subject:||RE: Force One page to not use SSL|
|From:||Srinadh Karumuri (skar...@bbn.com)|
|Date:||Oct 29, 2002 9:17:18 am|
You can probably try forwarding to absolute path, with the JSESSIONID value. Since you are using IIS as secure server, it shouldn't matter to Tomcat.
For example: In a servlet you can forward control from https://my.domain.com/myapp/jsp/mypage1.jsp to http://my.domain.com/myapp/jsp/mypage2.jsp;jsessionid=To6582mC3751376572349896At (I am not sure you need the jsessionid value).
At 10:46 AM 10/29/2002, Rustad, Aaron wrote:
OK, let me explain the real problem then. What I really want to do is download a bunch of jars for an applet, however, doing this over HTTPS is driving my nuts!!! Can I somehow use HTTP to get the jars and still have the page that the applet resides in HTTPS?
Thanks again! Aaron.
-----Original Message----- From: Craig R. McClanahan [mailto:crai...@apache.org] Sent: October 28, 2002 9:37 PM To: Tomcat Users List Subject: Re: Force One page to not use SSL
On Mon, 28 Oct 2002, Rustad, Aaron wrote:
Date: Mon, 28 Oct 2002 17:48:40 -0700 From: "Rustad, Aaron" <ARus...@Online-can.com> Reply-To: Tomcat Users List <tomc...@jakarta.apache.org> To: "'tomc...@jakarta.apache.org'" <tomc...@jakarta.apache.org> Subject: Force One page to not use SSL
I am trying to force one page NOT to use HTTPS and still maintain the session. I have looked in mailing list, and all I see is how you are not supposed to do this. Well, I really...really...really need to do this and yes, I understand that I shouldn't.
So, if anyone knows how I can maintain the session that is given to my client from HTTPS -> HTTP I would greatly appreciate it.
There is no support for this because it would be a huge security hole. For much discussion on this topic, check the mailing list archives.
1. IIS as a front for Tomcat 4.0.1. 2. Using AJP13