Hello,
I have a problem with Tomcat 5.0.26 where I need to use JavaScript to set the page location (document.location.href) in order to trigger a page reload. The session gets lost when the protocol changes from HTTP to HTTPS due to the secure setting in the session cookie.
I seems Tomcat will create the session cookie as secure when the request was secure. Unless there was a prior redirect this session cookie will then not be available to any unsecure request. In the event of a redirect to unsecure Tomcat undr the hood will take care to update the cookie to become insecure.
Is there any way to control this behavior in the configuration? I would like to configure all session cookies to be created as insecure.
Or, is there a ay to rewrite the session cookie in its entirety? It cannot be done just with the request, as browsers do not send all cookie attributes back.
Any help greatly appreciated.
Thanks, Tim
_________________________________________________________________
FREE pop-up blocking with the new MSN Toolbar – get it now! http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
