RE: setting secure cookie in Tomcat 5.0 config

2007-10-05 Thread Biagi, Bill (Contractor)
ailto:[EMAIL PROTECTED] Sent: Friday, October 05, 2007 6:47 AM To: Tomcat Users List Subject: Re: setting secure cookie in Tomcat 5.0 config In that case - this should do the trick: http://tomcat.apache.org/tomcat-6.0-doc/config/http.html -Tim Biagi, Bill (Contractor) wrote: > The thing

Re: setting secure cookie in Tomcat 5.0 config

2007-10-05 Thread Tim Funk
omcat Users List Subject: Re: setting secure cookie in Tomcat 5.0 config Not really. The reason is its rather nonsensical for any webserver to set a cookie as secure when the request is not secure. -Tim Biagi, Bill (Contractor) wrote: I've got a set of Cisco load balancers doing the SSL

RE: setting secure cookie in Tomcat 5.0 config

2007-10-04 Thread Biagi, Bill (Contractor)
share or use them without Fannie Mae's approval. If received in error, contact the sender and delete them. -Original Message- From: Tim Funk [mailto:[EMAIL PROTECTED] Sent: Thursday, October 04, 2007 2:13 PM To: Tomcat Users List Subject: Re: setting secure cookie in Tomcat 5.0 config

RE: setting secure cookie in Tomcat 5.0 config

2007-10-04 Thread Biagi, Bill (Contractor)
error, contact the sender and delete them. -Original Message- From: Tim Funk [mailto:[EMAIL PROTECTED] Sent: Thursday, October 04, 2007 2:13 PM To: Tomcat Users List Subject: Re: setting secure cookie in Tomcat 5.0 config Not really. The reason is its rather nonsensical for any webserv

Re: setting secure cookie in Tomcat 5.0 config

2007-10-04 Thread Tim Funk
sender and delete them. -Original Message- From: Tim Funk [mailto:[EMAIL PROTECTED] Sent: Thursday, October 04, 2007 1:38 PM To: Tomcat Users List Subject: Re: setting secure cookie in Tomcat 5.0 config You'll need to install fiddler to sniff when the cookie is being set. If the req

RE: setting secure cookie in Tomcat 5.0 config

2007-10-04 Thread Caldarale, Charles R
> From: Biagi, Bill (Contractor) [mailto:[EMAIL PROTECTED] > Subject: RE: setting secure cookie in Tomcat 5.0 config > > I've got a set of Cisco load balancers doing the SSL so > Tomcat does not know that these sessions are SSL. > > Is there any way to force To

RE: setting secure cookie in Tomcat 5.0 config

2007-10-04 Thread Biagi, Bill (Contractor)
Do not share or use them without Fannie Mae's > approval. If received in error, contact the sender and delete them. > > > -Original Message- > From: Tim Funk [mailto:[EMAIL PROTECTED] > Sent: Thursday, October 04, 2007 1:14 PM > To: Tomcat Users List > Subje

Re: setting secure cookie in Tomcat 5.0 config

2007-10-04 Thread Tim Funk
ontact the sender and delete them. -Original Message- From: Tim Funk [mailto:[EMAIL PROTECTED] Sent: Thursday, October 04, 2007 1:14 PM To: Tomcat Users List Subject: Re: setting secure cookie in Tomcat 5.0 config If you are talking about the JSESSIONID cookie - if the session is created

RE: setting secure cookie in Tomcat 5.0 config

2007-10-04 Thread Biagi, Bill (Contractor)
them. -Original Message- From: Tim Funk [mailto:[EMAIL PROTECTED] Sent: Thursday, October 04, 2007 1:14 PM To: Tomcat Users List Subject: Re: setting secure cookie in Tomcat 5.0 config If you are talking about the JSESSIONID cookie - if the session is created while your are using SSL - the s

Re: setting secure cookie in Tomcat 5.0 config

2007-10-04 Thread Tim Funk
If you are talking about the JSESSIONID cookie - if the session is created while your are using SSL - the secure flag is set for you. Nothing to configure. -Tim Biagi, Bill (Contractor) wrote: How do you set Tomcat 5.0 to use secure cookies on an SSL session. Back in 3.3 it was an attribute

setting secure cookie in Tomcat 5.0 config

2007-10-04 Thread Biagi, Bill (Contractor)
How do you set Tomcat 5.0 to use secure cookies on an SSL session. Back in 3.3 it was an attribute in server.xml of the SessionId module element called secureCookie. Setting it to true used to mark the session id cookie as "secure" if the session was established over SSL. BB This e-mail and it