[Building Sakai] tomcat sessions and https
will at serensoft.com
will at serensoft.com
Tue May 19 14:31:43 PDT 2009
Question:
Can a browser log in via HTTPS to establish session credentials, and
then browse Sakai via HTTP?
That is, the establish-credentials stage is encrypted but the rest of
the session isn't, as the session key includes the remote IP address
or some such skullduggery to enable a secure session...
Is that part of how the Sakai session mechanism is set up -- to enable that?
If so, where's the how-to? If not... why not? :)
Found Glenn Golden's Sakai Sessions doc from 2005 (four years old!
yikes!) but was hoping there's something more modern?
--
will trillich
"Our only real economic security lies in our power to meet human
needs." -- S.Covey, the 8th Habit
More information about the sakai-dev
mailing list