tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pid...@pidster.com>
Subject Re: Moving from a very old Tomcat to a new Tomcat.
Date Thu, 12 Jun 2008 10:15:50 GMT
André Warnier wrote:
> 
> Bill Davidson wrote:
>> Bill Barker wrote:
>>  >This is correct. TC 3.2.4 never set the "secure" flag on that cookie,
>>  >and TC 3.3.2 would only set it if you enabled an option in server.xml.
>>  >This feature of TC is only on TC 4.0 and higher.
>>
>> Thank you for confirming that.
>>
> I personally believe that this was a long but very interesting thread, 
> containing a lot of information from the best authorities and otherwise 
> difficult to gather and bring together intelligibly, about Tomcat's 
> handling of authentication and HTTP/HTTPS sessions, session-id cookies 
> under HTTP/HTTPS (and their changes over Tomcat versions), transmission 
> over mod_jk of the HTTPS nature of the session, browser handling of 
> secure/non-secure cookies, etc..
> Might this not usefully be brought together in a FAQ or article, which 
> itself would be easy to find in the future ?
> With everyone's permission, I would offer to write a draft, but I 
> wouldn't have a clue as to how or where to publish this.

Tomcat Wiki?

> Mind you, considering the scope, I can't even think of an appropriate 
> title. Java Servlet Specification for Dummies ?
> 
> André
> 
> 
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message