On Monday 06 December 2004 22.53, Brook Stevens wrote:[...]
You are pretty much free to add any header you wish, as long as it is
correctly formed. X-SSL-whatever is fine. The HTTPSHeaders directive allows
you to do exactly this.
You don't need to worry about the SSL session - that is managed by Pound at
the SSL level and has nothing to do with the HTTP session (protocol vs.
application level). Sessions are kept the same way in HTTP and HTTPS - in
fact you can do both at once.
It is not unusual for applications to have a bit of code that checks if a
connection was made via HTTPS, and if not reply with a redirect or error.
Using a separate host name might be an improvement.[...]