Christopher Schultz wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Joe,

On 10/28/2009 11:55 AM, Joe Wallace wrote:
From Firefox Live HTTP Headers

Set-Cookie: JSESSIONID=B4F06784FE4EAA0A7C9830BBF86D85B4; Path=/inetwork; Secure
Location: https://216.94.100.154/inetwork/Start.jsp

Hmmmm.  That looks like it is secure

Yup.

My filter is getting this.

 Cookie0 name= JSESSIONID
 Cookie0 value= B4F06784FE4EAA0A7C9830BBF86D85B4
 Cookie0 isSecure = false

Aah, I see the problem: the cookie /is/ secure, but the browser doesn't
provide the "secure" flag when making a request, so the server has no
idea whether the cookie is in secure mode or not.

Rest assured that the browser will only send this cookie when using HTTPS.

And when your browser makes the request, using LiveHTTPHeaders or HttpFox, you should be able to see if that's the case, in the Cookie: headers.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to