We're trying to secure only a login page with SSL, and then switch back to non-ssl for speed, server load, etc.
IBM has a good article on how to set this up ( HERE), but it's not without issue... If a user bookmarks the actual login page, Websphere will not switch back to non-ssl after a login. The problem is that WAS will not issue the "WASReqURL" cookie (where it stores the originally requested URL for later redirect) if the user uses the login page URL. This makes sense, but how can we work around this?
We've tried redirects at the web server (maybe we haven't tried the right one yet) and even tried manually creating the WASReqURL cookie in from the application. None of that has worked. Ideas? A response I got from the article author at IBM was to not have users bookmark the login page. There's got to be a better way.