I'm certain that you are aware that there have been multiple discussions concerning switching from http to https with Netscape and how Netscape doesn't send the cookie back to the server if the port numbers are not the default port numbers. Are you guys planning on implementing a session cookie domain attribute for Tomcat 3.x or Tomcat 4 so that we can specify to which domain the browser sends the cookie(s) to? The following url: http://mikal.org/interests/java/tomcat/archive/view?mesg=52996 states that JServ contained such an attribute to set the domain, and I know that Weblogic also has such an attribute.
Thanks, Cameron
