-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Joe,
(Can you fix your emailer to include thread-ids when replying to the list? Your replies are not properly threaded, here.) On 10/27/2009 4:12 PM, Joe Wallace wrote: > I have a filter that calls > Cookie.getName and > Cookie.getSecure > JSESSIONID returns false even when the connection is always https. > Tomcat version is 6.0.20. If your cookie was created in HTTP mode, then the 'secure' flag will be set to 'false' on that cookie. Are you sure you are always in HTTP mode? Please double-check, and remember that /all JSPs will create a session unless session=false in the @page directive/. To answer your original question: there is no setting in Tomcat to get secure=true on your cookies in SSL mode. Tomcat should /always/ use a secure cookie when the cookie is created in SSL mode. You may have to re-check your <Connector> attributes for the AJP connector. Make sure that secure="true" among others. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkrnTQ8ACgkQ9CaO5/Lv0PA/GQCgnPYgzFkWNPP0Ol57BxVg4uX5 YQsAnjGCZMrB4svfzI/S/TL9mhNtjfiv =GZXQ -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
