Christopher Schultz wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Joe,
On 10/28/2009 11:55 AM, Joe Wallace wrote:
From Firefox Live HTTP Headers
Set-Cookie: JSESSIONID=B4F06784FE4EAA0A7C9830BBF86D85B4; Path=/inetwork; Secure
Location: https://216.94.100.154/inetwork/Start.jsp
Hmmmm. That looks like it is secure
Yup.
My filter is getting this.
Cookie0 name= JSESSIONID
Cookie0 value= B4F06784FE4EAA0A7C9830BBF86D85B4
Cookie0 isSecure = false
Aah, I see the problem: the cookie /is/ secure, but the browser doesn't
provide the "secure" flag when making a request, so the server has no
idea whether the cookie is in secure mode or not.
Rest assured that the browser will only send this cookie when using HTTPS.
And when your browser makes the request, using LiveHTTPHeaders or
HttpFox, you should be able to see if that's the case, in the Cookie:
headers.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
