tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Mottaz <>
Subject Secure Cookie Problem
Date Fri, 14 Nov 2003 19:05:36 GMT
Hi All,

I'm new to the list -- I hope this is not a topic that's been beaten to
death - I searched the Archives but could not find the answer to my

The problem I'm having on Tomcat 4.1.29 is that the first page a user visits
is secure -- the session cookie gets set with the 'secure' flag value set to
true.  After login, the user gets sent to a non-secure page, the 'secure'
cookie does not get sent back to the server, and the user gets a new session
which is not logged in.

After visiting the non-secure page, the user can go back to the secure page
and log in without any problems.

Is there a config setting to tell Tomcat never to use secure cookies, or any
other solution to fix this problem (other than forcing a non-secure page
visit first)?

Thanks much,

Andrew Mottaz
Site 9 :: Internet Business Solutions
116 W. Illinois, Ste 6E
Chicago, Illinois 60610

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message