On 3/8/02 11:36 AM, "Anders Rundgren" <[EMAIL PROTECTED]> wrote: > 2. Actually, we do absolutely nothing but "request.getSession()" which > triggers the session-mechanism according to my fellow developer. I.e. > we don't handle cookies ourselves, we rely on Tomcat's handling which > has worked fine until we started to mess with Mac and IE 5.
Perhaps there is something in the configuration of your server (server.xml), or its default webapp settings (conf/web.xml), or the configuration of your webapp (WEB-INF/web.xml) that is causing the session cookie to be set as a secure cookie. > Note, we don't switch between HTTP and HTTPS, but you are right in your > comment. If you're only responding to HTTPS, then you probably don't need to set the Secure flag on the cookie anyway. I would bet that if you can find a way to get tomcat not to set that flag, your problem may go away. -- +-------------------------------------------------------------------+ | Dave Makower <[EMAIL PROTECTED]> | | http://www.davemak.com/ | +-------------------------------------------------------------------+ -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>
