Hey,
I recently discovered that the session id cookie created by tomcat is
setSecure(true) by the HttpResponseBase:
if (hreq.isSecure())
cookie.setSecure(true);
addCookie(cookie);
So, it looks like it is set secure, and it seems my browser respects that,
as it only sends the
No browser that I know of actually sends this information back to the server
(IMHO, A Good Thing :). Therefore Tomcat has no way of knowing what the
browser thinks of the cookie settings, and is only telling you what it
knows.
Zabel, Ian [EMAIL PROTECTED] wrote in message
[EMAIL