You'll need to install fiddler to sniff when the cookie is being set. If
the request is SSL and during that request, the JSESSIONID cookie is
created - it will be SSL. So either the cookie is being set some other
time, or IE is lying that the cookie is secure. (Or something else)
-Tim
Biagi, Bill (Contractor) wrote:
The session is SSL and according to IE the jsessionid cookie is not
secure.
BB
This e-mail and its attachments are confidential and solely for the
intended addressee(s). Do not share or use them without Fannie Mae's
approval. If received in error, contact the sender and delete them.
-----Original Message-----
From: Tim Funk [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 04, 2007 1:14 PM
To: Tomcat Users List
Subject: Re: setting secure cookie in Tomcat 5.0 config
If you are talking about the JSESSIONID cookie - if the session is
created while your are using SSL - the secure flag is set for you.
Nothing to configure.
-Tim
Biagi, Bill (Contractor) wrote:
How do you set Tomcat 5.0 to use secure cookies on an SSL session.
Back
in 3.3 it was an attribute in server.xml of the SessionId module
element
called secureCookie. Setting it to true used to mark the session id
cookie as "secure" if the session was established over SSL.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
