[Building Sakai] tomcat sessions and https

Adams, David da1 at vt.edu
Wed May 20 05:22:23 PDT 2009


I wrote:
> And you'd need to make sure the JSESSIONID cookie wasn't set to
> secure-sessions-only (see assureSession in
> org.sakaiproject.util.RequestFilter (in 2.5 at least)). Finally, you'd
> need to be sure the login code redirected the browser back to a
> non-SSL URL. Depending on what method the login code uses to build
> the URL, it might be no problem (if it uses the serverUrl property
> directly), or it might depend on how you've got your HTTP stack
> configured

Of course if you're running through Apache httpd or a load balancer,
there are plenty of ways to address these items without messing with the
Java code, but that's all very deployment-specific.

-dave

