tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Anders Rundgren" <anders.rundg...@telia.com>
Subject Re: IE 5 on Mac is incompatible with TC 4?
Date Fri, 08 Mar 2002 16:36:53 GMT
Dave,

<snip>
>The system described above relies on correct behavior of cookies on the Mac
>in IE, and it works for us.  I don't know if any behavior on the Tomcat side
>has changed since 4.0.1, but I would tend to doubt it.

That's nice to hear :-|

>Why are you using a secure cookie for the session cookie?  Do you need to?

1. We tested this exclusively over HTTPS.  For HTTP things work OK:

2. Actually, we do absolutely nothing but "request.getSession()" which
triggers the session-mechanism according to my fellow developer.  I.e.
we don't handle cookies ourselves, we rely on Tomcat's handling which
has worked fine until we started to mess with Mac and IE 5.

>If so, you can't expect the session to remain intact across HTTP and HTTPS
>requests.  Any browser that DOES send a secure cookie over a straight HTTP
>request is dangerously out of spec.

Note, we don't switch between HTTP and HTTPS, but you are right in your
comment.

cheers,
Anders



--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>


Mime
View raw message