https://bz.apache.org/bugzilla/show_bug.cgi?id=64921
--- Comment #2 from Andreas Kurth <apa...@akurth.de> --- Setting "Secure" unconditionally would raise another issue: Chrome doesn't accept the Secure flag when not run under SSL. A possible – still naive – implementation might be: if (request.isSecure()) { sessionCookie.setSecure(true); } -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org