Message-ID: <4850D7F5.3090600@ice-sa.com>
Date: Thu, 12 Jun 2008 10:01:57 +0200
From: André Warnier
To: Tomcat Users List
Subject: Re: Moving from a very old Tomcat to a new Tomcat.

Bill Davidson wrote:
> Bill Barker wrote:
> >This is correct. TC 3.2.4 never set the "secure" flag on that cookie,
> >and TC 3.3.2 would only set it if you enabled an option in server.xml.
> >This feature of TC is only on TC 4.0 and higher.
>
> Thank you for confirming that.
>

I personally believe that this was a long but very interesting thread, containing a lot of information from the best authorities and otherwise difficult to gather and bring together intelligibly, about Tomcat's handling of authentication and HTTP/HTTPS sessions, session-id cookies under HTTP/HTTPS (and their changes over Tomcat versions), transmission over mod_jk of the HTTPS nature of the session, browser handling of secure/non-secure cookies, etc.

Might this not usefully be brought together in a FAQ or article, which itself would be easy to find in the future? With everyone's permission, I would offer to write a draft, but I wouldn't have a clue as to how or where to publish this.
Mind you, considering the scope, I can't even think of an appropriate title. Java Servlet Specification for Dummies?

André