DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=28780>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=28780 Need non-secure JSESSIONID cookies Summary: Need non-secure JSESSIONID cookies Product: Tomcat 4 Version: Unknown Platform: All OS/Version: Other Status: NEW Severity: Enhancement Priority: Other Component: Catalina AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] When the first request to a webapp is to a secure (HTTPS) page, the JSESSIONID cookie that gets sent is marked as Secure. If a following request is to a non- secure page then the client will not send the session cookie back, effectively causing the session to be lost. I understand that in many cases this is sensible behaviour, however it is causing us (and I believe others) problems. Could we please make this behaviour configurable, preferably on a per- application basis? --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]