Re: cookie.setSecure -- cookie not persisted in IE 6/7

2008-10-23 Thread David Wall
cookie.setVersion(1); I think I found my own answer in that it appears that Firefox can accept a version 1 (RFC 2109) cookie, which we were using because the email address contains an '@' that's not allowed as a value in version 0 cookies. When we converted to version 0 and encoded the @,

cookie.setSecure -- cookie not persisted in IE 6/7

2008-10-23 Thread David Wall
We set a secure cookie over HTTPS using: javax.servlet.http.Cookie cookie = new javax.servlet.http.Cookie(name, value); cookie.setVersion(1); cookie.setMaxAge(60*60*24*90); // 90 days in seconds cookie.setSecure(request.isSecure()); response.addCookie(cookie); This works in Firefox and Chrome.