tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Anders Rundgren" <>
Subject Keep-Alive dead? Was: IE 5 on Mac is incompatible with TC 4?
Date Sat, 09 Mar 2002 13:25:25 GMT

>Perhaps there is something in the configuration of your server (server.xml),
>or its default webapp settings (conf/web.xml), or the configuration of your
>webapp (WEB-INF/web.xml) that is causing the session cookie to be set as a
>secure cookie.

There is one thing that differs between the TC and IIS-headers I supplied:
TC does Connection: Close while IIS does Connection: Keep-Alive.
This could very well be the reason why ";Secure" is added (which *may*
be the culprit although IE 5/Mac ought to be capable of handling this) as
a closed-down connection loses its security context which requires this
explicit marking of the cookies' secure origin.  I guess...

>If you're only responding to HTTPS, then you probably don't need to set the
>Secure flag on the cookie anyway.  I would bet that if you can find a way to
>get tomcat not to set that flag, your problem may go away.

I have not found anything in this area that can be configured.  A google
search revealed that TC requires HTTP 1.1 to support Keep-Alive but
when I do "Netstat" using NN 6.2 and IE 5 on W2K, I see no sign of any
keep-alives, just huge amounts of dead or dying TCP connections!


To unsubscribe:   <>
For additional commands: <>
Troubles with the list: <>

View raw message