I am having a small problem with JSESSIONID cookie having its secure
property set to TRUE when you initially connect. We have a login page
that is displayed first and uses SSL. After login only certain parts
of the web site use SSL. However, since initial connection to the web
server was with SSL and it creates a JSESSIONID cookie for the initial
connection, it reads the page as secure and therefore sets the secure
bit. This is a problem because the JSESSIONID cookie is then not
passed back in subsequent requests to the server for non SSL pages
which means the user is not tied back to their session appropriately.
Anyone have any ideas on how JSESSIONID can be forced to NOT be secure
regardless of the Request.isSecure() result?
Thanks in advance,
Keith
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org
