[Bug 64921] LoadBalancerDrainingValve does not honour "Secure Session Cookie" settings

bugzilla Thu, 12 Nov 2020 06:16:09 -0800

https://bz.apache.org/bugzilla/show_bug.cgi?id=64921


--- Comment #2 from Andreas Kurth <apa...@akurth.de> ---
Setting "Secure" unconditionally would raise another issue: Chrome doesn't
accept the Secure flag when not run under SSL. A possible – still naive –
implementation might be:

if (request.isSecure()) {
    sessionCookie.setSecure(true);
}

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 64921] LoadBalancerDrainingValve does not honour "Secure Session Cookie" settings

Reply via email to