On 06/18/2013 02:23 PM, [email protected] wrote: > Where do you see that? In the Chrome dev tool I can see that our CAS 3.5.2 > installation sends both HttpOnly and Secure. I didn't make any major changes > from the defaults, either.
Don't see the flag set in browsers I've tested (FF, Chrome), and don't see reference to it in the (3.5.2) code. I do see Secure. Hmm, maybe back to the drawing board? Do you know how/if it's explicitly configured in e.g. your web.xml? Thanks. Tom. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
