I think you need to make sure you are using an SSL connection
(request.isSecure()) before you create the Cookies in the first place.
The behaviour when changing a non-secure cookie to a secure one may be
browser dependant.//
//
/Mattias
//
//Abhinav Gupta wrote (2009-09-10 14:34):
Thanks Jeff,
Thanks Jeff,
But we are creating no cookies by our own. Our requirement is to just secure
the Apache OR Resin created Cookies for session management.
So we created a generic filter for that.
Regards,
Abhinav
[Resin-interest] Cookie security over SSL (https)