From: "Krist van Besien" <krist.vanbesien@xxxxxxxxx>
On Thu, Oct 29, 2009 at 11:46 AM, ericdraven <erik@xxxxxxxxxxxxx> wrote:Hello, I need some expert help on the following configuration task: I have a startpage with a standard login form. After a user logs in, he should be redirected to use https for the rest of the session.That's a rather odd requirement. Normally the requirement is to be redirected to https _before_ logging in. It is, after all, the login data, that you need to protect.
Isn't OK if the login form uses an action="https://..."; attribute?The request would be made using HTTPS, not HTTP, so it should be protected, no matter that the original page was using HTTP.
Thanks. Octavian --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|