In a previous post I mentioned that the connection didn't switch back to HTTP after visiting confidential pages. However I expected that after the entire logout process the website would have switch the connection back to normal HTTP, after invalidating the session. Unfortunately, I was wrong. HTTPS was still present! What to do? Google is the answer! However I was not so lucky to find a solution, maybe the question was wrong, not the answer. So I managed to build a solution on myself, which is this one: in the Logout servlet I check if the request was made using HTTP using the method request.isSecure(). If so I invalidate the session and I redirect the user to an absolute url, which is built using this string:
"http://" + getServletContext().getInitParameter("domain") + request.getContextPath() + "/index.jsp"
Where the parameter "domain" is specified in the deployment descriptor as "mauricius-pc:8080".
Nessun commento:
Posta un commento