Hi again!
I have deployed CAS 4.2.4 to Tomcat 8.5.5. If I look into Chrome Developer tool, I see that JSESSIONDID has HttpOnly flag, but TGC doesn't have. Is there any option to set the flag up? Also in Spring CookieGenerator there is cookiehttpOnly false by default Also if it changes something somehow, I am running cas on port 8080 as http and behind Apache HTTP proxy running HTTPS. Siim -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/76c9ae0c-5d30-4eac-98b9-5ae6e91ba579%40apereo.org. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
