On Fri, Aug 28, 2009 at 9:16 AM, Andy Ee<andyee@xxxxxxxxxxxxx> wrote: > My IE browser is able to establish a HTTPS session to the web application > without a problem. There is a username/password authentication form and I am > able to login as well. Here’s the problem. Whenever after I logged in, the > HTTPS session breaks and becomes HTTP. I can still browse around the site > and do functions on HTTP session. This is probably caused by your tomcat application. Many web applications send a "redirect" after a user logs in, and if the application doesn't know it has to send a https redirect it will send a http redirect. There are several things you can do: 1) Configure your tomcat application so that it sends https redirects back. Often an application has a parameter with something like "base url" or something like that. This should be set to the external url. This is the best solution. 2) Use a ProxyPassReverse statement to rewrite redirects as they come from the Tomcat server and are passed on to your users. 3) Use a rewrite rule to redirect incoming http requests to https. 1) is the best, 2) is also ok. 3) is a kludge. A good way to debug problems like that is to use a proper browser like Firefox, together with firefox extentions like Firebug and LiveHTTPHeaders. Krist -- krist.vanbesien@xxxxxxxxx krist@xxxxxxxxxxxxx Bremgarten b. Bern, Switzerland -- A: It reverses the normal flow of conversation. Q: What's wrong with top-posting? A: Top-posting. Q: What's the biggest scourge on plain text email discussions? --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|