2 HTTPS questions
I'm using JSF on GlassFish for a web application.
Q1: If I setup web.xml to use SSL for the login page using HTTP POST, the following happens: the page is loaded normally, using HTTP; when pressing the Submit button the page is reloaded, this time using HTTPS; pressing the Submit button the second time, it does what is supposed to do (verify password, go to the user home page etc.) Why? And how to overcome this ?
Note that if I specify both GET and POST for this page, the page is loaded with HTTPS directly, and pressing Submit just once is enough (as it should).
Q2: After a successful login, the user is redirected to the home page, which is not listed in web.xml as CONFIDENTIAL; however, the browser stays in HTTPS. How do I convince it to go back to HTTP ?