tomcat-users mailing list archives

From André Warnier
Subject Re: Moving from a very old Tomcat to a new Tomcat.
Date Thu, 12 Jun 2008 08:01:57 GMT

Bill Davidson wrote:
> Bill Barker wrote:
> > This is correct. TC 3.2.4 never set the "secure" flag on that cookie,
> > and TC 3.3.2 would only set it if you enabled an option in server.xml.
> > This feature of TC is only on TC 4.0 and higher.
> Thank you for confirming that.
I personally believe that this was a long but very interesting thread, 
containing a lot of information from the best authorities and otherwise 
difficult to gather and bring together intelligibly, about Tomcat's 
handling of authentication and HTTP/HTTPS sessions, session-id cookies 
under HTTP/HTTPS (and their changes over Tomcat versions), transmission 
over mod_jk of the HTTPS nature of the session, browser handling of 
secure/non-secure cookies, etc.
Might this not usefully be brought together in a FAQ or article, which 
itself would be easy to find in the future?
With everyone's permission, I would offer to write a draft, but I 
wouldn't have a clue as to how or where to publish this.
Mind you, considering the scope, I can't even think of an appropriate 
title. Java Servlet Specification for Dummies?

