-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Joe,
On 10/27/2009 5:34 PM, Joe Wallace wrote:
> Hi Chris,
> You wrote:
>> Tomcat will create its JSESSIONID cookie like this in all cases:
>
>> Cookie cookie = new Cookie("JSESSIONID", sessionId);
>> if(request.isSecure())
>> cookie.setSecure(true);
>
> My filter calls HttpServletRequest.isSecure() which returns true
> It then calls Cookie.getSecure() for the JSESSIONID cookie which returns
> false.
>
> I am expecting this to return true since all connections have been over https.
> Or should I be looking elswhere?
If this is what you are observing, then the cookie is being created
during a non-https request. I would recommend clearing the cookie for
your site in your browser, then visiting your site until you see the
cookie appear.
You can use an HttpServletRequestWrapper + a Filter to see where the
session is being created if you'd rather not watch HTTP traffic.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkrocrkACgkQ9CaO5/Lv0PCVTACfZRIKYGnQP3Jn8TnXSJ7Ew/gW
f9MAnjeIMMSJhO3et+EXonxuZW7o7/Et
=L5et
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
