In that case - this should do the trick:
http://tomcat.apache.org/tomcat-6.0-doc/config/http.html
<Connector secure="true" ...>
-Tim
Biagi, Bill (Contractor) wrote:
The thing is it is actually secure. The Tomcat servers are behind the
load balancers and using the dedicated hardware engines to perform the
SSL. Granted Tomcat does not know this. This exact configuration is
why it would make sense to be able to set the jsessionid to secure. Why
else would Tomcat have this setting in the server.xml back in version
3.3? I am assuming that there is no such override in 5.0 or later.
BB
This e-mail and its attachments are confidential and solely for the
intended addressee(s). Do not share or use them without Fannie Mae's
approval. If received in error, contact the sender and delete them.
-----Original Message-----
From: Tim Funk [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 04, 2007 2:13 PM
To: Tomcat Users List
Subject: Re: setting secure cookie in Tomcat 5.0 config
Not really. The reason is its rather nonsensical for any webserver to
set a cookie as secure when the request is not secure.
-Tim
Biagi, Bill (Contractor) wrote:
I've got a set of Cisco load balancers doing the SSL so Tomcat does
not
know that these sessions are SSL. My guess is that is why it is not
being set. Is there any way to force Tomcat to set the jsessionid
cookie to secure?
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
