On Thu, Nov 30, 2017 at 1:39 PM, Christopher Schultz <ch...@christopherschultz.net> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Naga, > > On 11/30/17 12:29 PM, Naga Ramesh wrote: >> Thanks Chris.. >> >> See the below output and here not showing the secure. >> >> < HTTP/1.1 200 OK < Set-Cookie: >> JSESSIONID=D14ACAB7CADB83FAD5C11296C75A09DB; Path=/; HttpOnly < >> X-Frame-Options: DENY < X-Content-Type-Options: nosniff < >> X-XSS-Protection: 1; mode=block < Content-Type: >> text/html;charset=ISO-8859-1 < Content-Length: 5472 < Date: Thu, 30 >> Nov 2017 17:26:37 GMT < Server: > > HTTP response headers don't say anything about "secure" anyway.
Actually, they do :) Setting a cookie to secure keeps it from being transmitted over HTTP. Set-Cookie: JSESSIONID=07429A0D611B540BF985E10197241E5D; Path=/; Secure; HttpOnly > > What are you trying to accomplish, and what have you tried? > > I'm not sure secure="true" does what you think it does. > > Please answer the questions I asked in my previous post. They will go > a long way toward helping you. That would definitely help. > > - -chris > >> -----Original Message----- From: Christopher Schultz >> [mailto:ch...@christopherschultz.net] Sent: Thursday, November 30, >> 2017 10:52 PM To: users@tomcat.apache.org Subject: Re: unable to >> set the "secure="true" flag on server.xml >> >> Naga, >> >> On 11/30/17 12:11 PM, Naga Ramesh wrote: >>> I have configured the tomcat8 version & used the AWS ELB, but I >>> have set the “secure="true" flag on tomcat8/conf/server.xml file >>> end, after that service started and login page came but I am >>> unable to login the application and getting the oops session >>> expired error message coming. >> >> Please post your <Connector> configuration. >> >> What did you expect secure="true" to actually do? >> >>> Note: we have applied the SSL on AWS ELB end. >> >> So you are terminating TLS at the ELB, right? >> >>> ELB(https) -à tomcat-conenctor-8080 >> >> Traffic from ELB -> Tomcat is using HTTPS? >> >> Why encrypt within your own VLAN? >> >> -chris >> >> --------------------------------------------------------------------- >> >> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> >> --------------------------------------------------------------------- >> >> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > -----BEGIN PGP SIGNATURE----- > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQJRBAEBCAA7FiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlogUF4dHGNocmlzQGNo > cmlzdG9waGVyc2NodWx0ei5uZXQACgkQHPApP6U8pFinKxAAhhchuEFgo8dc+pZv > YTg65qRlt7xS6s3ewlhY7RUrmNvzgYmjJC5tW81mNjNHhfPtMq7/WYNqoIS77b1+ > gZNYk4CtdNt8q3mJ0BUIqOoaSs9esvCv5WCs9jTh/dyhxra13s33V5NFkOvB26dB > YgsxvZAxFYgim2Yp8Q1xoN8CRhi8UVLidd3V8QIebZQ3oFbBjKZzvXm9BShlablj > RWuHHoj5A2Ks+BBqK6HR1Y1ZNoFqxaMtO7ZuxC4ytJVfhOvEXA2YoYDfOvxfHSIj > WVGwCczp3TRHCW/blFGOMqoctLY9bbJcgLb4ZZQloo1B4tced4XFBz7ELJZ52FrI > srHhH+md2udfGQ7ByJDOW7710IkDUXJvIO1JfJw/vC3s7rlGE61fXfncHPLg2Rer > XA0Ij9cjGVRC7aPr/d2+tAGB9aO2BhEQimVMX0MzNLhoiQhFHK+Tuq8jCKWVUMzl > m6VQNYulvisC0TnLQlzkFma+FZAlJ/RdkxQO3bFKaCt1UMMmluW0WQCAkmrCITzM > Lz8dfXF1NIMGsCJYLzqWw/Bbtk8EoMEw4euV8Zwjnfo6iVB4fufOQiFdjr2AMQV3 > FT0pnfEZC+5KUMwhjbPBKmX7mivkckNGrB3MpUuvFW1XZpAFVK14W7HaGA++EbJY > TB83V9GzPjyofj16b8lbJudggyY= > =4btR > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
