0 Replies Latest reply on Oct 5, 2005 12:27 PM by new4jboss

    sticky sessions break declarative https ?

    new4jboss

      I'm in a bit of a dilema

      If I need sticky HTTP sessions, then my hardware load balancer needs to have a ssl decoder to handle the https requests. However by doing that, how can I enforce container security for my web app when the request arriving at the servlet container is plain http ? How can I enforce exclusive https access this way ? Must I configure the in the firewall after the HW load balancer ? Or can I just don't worry about session stickiness in JBoss's clustered environment due its HTTPSession replication assurances ?

      Thanks