-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 GF,
GF wrote: | can you give me a link about setting up a secure JSessionID cookie? I | mean to let it pass over HTTPS and not HTTP. I believe if your session starts through HTTPS, the cookie will be marked as secure and it won't be sent if the user switches to non-secure HTTP. As long as you start the session via HTTPS, you should not have to do anything else. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkeLm00ACgkQ9CaO5/Lv0PCvpACeOsRFLFC0tsQZ8stttge/RWHj PlwAnjuLVAikckBjanakp+gAzAdJzKO8 =kiBx -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]