15 messages in org.apache.tomcat.usersRE: Force One page to not use SSL| From | Sent On | Attachments |
|---|---|---|
| Rustad, Aaron | Oct 28, 2002 4:48 pm | |
| Craig R. McClanahan | Oct 28, 2002 8:36 pm | |
| Nicholas Pappas | Oct 29, 2002 7:44 am | |
| Rustad, Aaron | Oct 29, 2002 7:45 am | |
| Srinadh Karumuri | Oct 29, 2002 9:17 am | |
| Pae Choi | Oct 29, 2002 12:54 pm | |
| Schnitzer, Jeff | Oct 29, 2002 3:56 pm | |
| Dan Lipofsky | Oct 29, 2002 4:11 pm | |
| Justin Ruthenbeck | Oct 29, 2002 4:19 pm | |
| Rustad, Aaron | Oct 29, 2002 4:54 pm | |
| Craig R. McClanahan | Oct 29, 2002 9:55 pm | |
| Craig R. McClanahan | Oct 29, 2002 10:00 pm | |
| Bill Barker | Oct 29, 2002 10:49 pm | |
| Craig R. McClanahan | Oct 29, 2002 10:54 pm | |
| Ralph Einfeldt | Oct 30, 2002 12:06 am |
| Subject: | RE: Force One page to not use SSL | |
|---|---|---|
| From: | Srinadh Karumuri (skar...@bbn.com) | |
| Date: | Oct 29, 2002 9:17:18 am | |
| List: | org.apache.tomcat.users | |
You can probably try forwarding to absolute path, with the JSESSIONID value. Since you are using IIS as secure server, it shouldn't matter to Tomcat.
For example: In a servlet you can forward control from https://my.domain.com/myapp/jsp/mypage1.jsp to http://my.domain.com/myapp/jsp/mypage2.jsp;jsessionid=To6582mC3751376572349896At (I am not sure you need the jsessionid value).
Sri
At 10:46 AM 10/29/2002, Rustad, Aaron wrote:
OK, let me explain the real problem then. What I really want to do is download a bunch of jars for an applet, however, doing this over HTTPS is driving my nuts!!! Can I somehow use HTTP to get the jars and still have the page that the applet resides in HTTPS?
Thanks again! Aaron.
-----Original Message----- From: Craig R. McClanahan [mailto:crai...@apache.org] Sent: October 28, 2002 9:37 PM To: Tomcat Users List Subject: Re: Force One page to not use SSL
On Mon, 28 Oct 2002, Rustad, Aaron wrote:
Date: Mon, 28 Oct 2002 17:48:40 -0700 From: "Rustad, Aaron" <ARus...@Online-can.com> Reply-To: Tomcat Users List <tomc...@jakarta.apache.org> To: "'tomc...@jakarta.apache.org'" <tomc...@jakarta.apache.org> Subject: Force One page to not use SSL
I am trying to force one page NOT to use HTTPS and still maintain the session. I have looked in mailing list, and all I see is how you are not supposed to do this. Well, I really...really...really need to do this and yes, I understand that I shouldn't.
So, if anyone knows how I can maintain the session that is given to my client from HTTPS -> HTTP I would greatly appreciate it.
There is no support for this because it would be a huge security hole. For much discussion on this topic, check the mailing list archives.
Some background:
1. IIS as a front for Tomcat 4.0.1. 2. Using AJP13
Thanks! Aaron.
Craig