Pid wrote:
On 27/10/2009 22:31, Joe Wallace wrote:

André Warnier wrote:
Am I mistaken then to think that since the connection B from IIS to
Tomcat is not over HTTPS but over AJP, Tomcat has no idea that HTTPS is
being used ?
Whatever consequences this has in the context (and which are beyond my
expertise).

Andre,
I guess that is the question.

The filter I have in Tomcat calls request.isSecure().
This returns true.

(All requests have been using https)

What steps are you taking to ensure this is the case?

How are you enforcing HTTPS, are you using a <transport-guarantee>CONFIDENTIAL</transport-guarantee>?

Under the general category of asking the obvious, can you clear all existing cookies and then use Firebug/LiveHTTPHeaders in Firefox (or the browser of your choice) to see exactly when the first Set-Cookie header occurs?

+1
And just as a reminder, and because the OP keeps quoting my hypothesis above : apparently I was mistaken, and Rainer Jung (mod_jk developer/maintainer) explained why, a couple of posts ago.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to