> From: Biagi, Bill (Contractor) [mailto:[EMAIL PROTECTED] > Subject: RE: setting secure cookie in Tomcat 5.0 config > > I've got a set of Cisco load balancers doing the SSL so > Tomcat does not know that these sessions are SSL. > > Is there any way to force Tomcat to set the jsessionid > cookie to secure?
(I don't have the 5.0 source lying around anymore, so this is taken from looking at 5.5.) If you segregate requests that were originally SSL from those that weren't via separate <Connector> elements in server.xml, then you can set the secure attribute for the SSL one to "true". That should cause sessions and cookies created under that <Connector> to be marked secure, and doesn't appear to have other side effects. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
