On 5/31/2012 1:30 PM, Konstantin Kolinko wrote:
> 2012/5/31 Timothy J Schumacher <tim.schumac...@colorado.edu>:
>> Hi,
>> We are using Apache Tomcat 6.0.35
>> with
>> # java -version
>> java version "1.6.0_30"
>> Java(TM) SE Runtime Environment (build 1.6.0_30-b12)
>> Java HotSpot(TM) Client VM (build 20.5-b03, mixed mode, sharing)
>> in Red Hat Linux.
>>
>> I am wondering if there is a way to use transport CONFIDENTIAL for all hosts
>> that are not localhost? I am guessing the servlet spec does not allow this,
>> it seems to be all or none in the web.xml config. Perhaps there is a way to
>> configure transport NONE in web.xml and then manually configure a
>> valve/filter in context.xml that would enforce CONFIDENTIAL to all remote
>> hosts but let localhost pass without redirects to port 443?
>>
>> Any ideas are appreciated!
>
> <Connector ... address="127.0.0.1" secure="true" />
>
> It will
> 1. Listen on localhost only.
> 2. Be treated by Tomcat as if it were an HTTPS connection.

Hi Konstantin, thanks, this works! I have one more question. I assume
that setting secure="true" means that the cookie JSESSIONID has "Secure"
set. This causes my browser (an old version of FF) to not send the
cookie, which I assume is due to the fact that the communication is over
a plain HTTP connection. Since we have not diligently coded encodeURLs
everywhere, the application loses the session on occasion. Is there a
way to tell the component that sets the cookie to not set "Secure" only
for this particular connector?

Thanks again!
Tim
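
The valve/filter idea raised in the original question, as an added example that is not part of the thread and not Tomcat's own code: a servlet filter that passes loopback clients over plain HTTP and sends remote clients to HTTPS. The class name `RemoteConfidentialFilter` and the `httpsPort` init-param are hypothetical; it assumes transport-guarantee NONE in web.xml, a filter mapping of `/*`, and no `secure="true"` on the plain HTTP connector.

```java
import java.io.IOException;
import java.net.InetAddress;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter: HTTPS for remote clients, plain HTTP allowed from loopback. */
public class RemoteConfidentialFilter implements Filter {
    private int httpsPort = 443; // assumed default; override with init-param "httpsPort"

    public void init(FilterConfig cfg) throws ServletException {
        String p = cfg.getInitParameter("httpsPort");
        if (p != null) {
            try { httpsPort = Integer.parseInt(p.trim()); }
            catch (NumberFormatException e) { throw new ServletException("bad httpsPort: " + p, e); }
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        // getRemoteAddr() is the TCP peer. If a reverse proxy on this host fronts
        // Tomcat, every client appears as loopback and this check must not be used.
        boolean local = InetAddress.getByName(request.getRemoteAddr()).isLoopbackAddress();
        if (request.isSecure() || local) {
            chain.doFilter(req, res);
            return;
        }
        String method = request.getMethod();
        if (!"GET".equals(method) && !"HEAD".equals(method)) {
            // A request body has already crossed the wire in clear text; refuse
            // instead of redirecting so the client does not silently retry.
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "HTTPS required");
            return;
        }
        StringBuilder target = new StringBuilder("https://").append(request.getServerName());
        if (httpsPort != 443) target.append(':').append(httpsPort);
        target.append(request.getRequestURI());
        if (request.getQueryString() != null) target.append('?').append(request.getQueryString());
        response.sendRedirect(target.toString());
    }

    public void destroy() { }
}
```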