Bill Davidson wrote:
I'm confused so I'm not sure what I say below makes sense.
If I'm reading these posts correctly, the cookie is issued by the
front end
(which is Apache web server). Since it is created on an https
session, it
is being marked as "secure". When browser switches to a non-secure
page on the same site, that cookie is not passed because it is a secure
cookie.
I was right about one thing: I was confused.
Apparently it was actually Tomcat creating the cookie.
I've found a usable workaround. I'm having my login servlet create
and set the cookie (without setting it to secure). That seems to have
made the problem go away. I was trying to get away without changing
the app but this is a pretty minor change.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
