I have a filter that calls Cookie.getName and Cookie.getSecure JSESSIONID returns false even when the connection is always https. Tomcat version is 6.0.20.
JW -----Original Message----- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: Tuesday, October 27, 2009 3:04 PM To: Tomcat Users List Subject: RE: SessionID cookie not secure over SSL > From: Joe Wallace [mailto:j...@andar360.com] > Subject: SessionID cookie not secure over SSL > > Is there a setting in Tomcat 6.0.2 Are you really using a version of Tomcat that old (Nov 2006)? > to make the SessionID cookie secure > when created over https when using > AJP 1.3 connector for IIS? What makes you think the cookie isn't being encrypted along with everything else sent over HTTPS? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
