We set a secure cookie over HTTPS using:
javax.servlet.http.Cookie cookie = new javax.servlet.http.Cookie(name,
value);
cookie.setVersion(1);
cookie.setMaxAge(60*60*24*90); // 90 days in seconds
cookie.setSecure(request.isSecure());
response.addCookie(cookie);
This works in Firefox and Chrome. But in IE 6 and 7 (and I think
Safari) it appears to work okay as long as the browser is not closed,
when it appears to be forgotten. Do those browsers not persist secure
cookies, or is there something else we're doing wrong?
In Firefox, the cookie info appears correct and reports values like we
expect:
Name: e
Value: [EMAIL PROTECTED]
Host: myhostname.com
Path: /MyWebapp/
Expires: Wed, 21 Jan 2009 21:55:13 GMT
Session cookie: No
Secure cookie: Yes
Any ideas why IE is not persisting? Is this a security function not to
write a secure cookie to disk?
Thanks,
David
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]