To: users@tomcat.apache.org
From: "Bill Barker"
Subject: Re: Moving from a very old Tomcat to a new Tomcat.
Date: Wed, 11 Jun 2008 18:32:39 -0700

"Christopher Schultz" wrote in message news:484FD516.30501@christopherschultz.net...
> |
> | - the behaviour of browsers versus secure/non-secure cookies is not new,
> | and neither is the fact that Tomcat generates a secure JSESSIONID cookie
> | when the session starts under HTTPS. So how come this thing was working
> | before the Tomcat change of version, but no longer afterward ?
> | Or did I miss a post somewhere ?
>
> It's tough to tell. The OP was using TC 3.2.4 (ancient!) and it might
> not have been setting the "secure" flag on that cookie. It's the
> cookie's "secure" flag that dictates the security policy, not the use of
> HTTPS (or not). You could go back and look at the code for 3.2.4 and see
> if the "secure" flag was being set on cookies.
>

This is correct. TC 3.2.4 never set the "secure" flag on that cookie, and TC 3.3.2 would only set it if you enabled an option in server.xml. This feature of TC is only on TC 4.0 and higher.
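The client-side rule discussed in this thread, as an added example that is not part of the original messages or of Tomcat's code: Python's standard cookie jar applies the same "secure" check a browser does, so it shows why a session started under HTTPS disappears on a later plain-HTTP request once the server marks JSESSIONID as secure. The host shop.example, the session id ABC123 and the helper names are constructed for illustration.

```python
from email.message import Message
from http.cookiejar import CookieJar
from urllib.request import Request


class FakeResponse:
    """Stand-in for an HTTP response; CookieJar only calls info()."""

    def __init__(self, set_cookie):
        self._headers = Message()
        self._headers["Set-Cookie"] = set_cookie

    def info(self):
        return self._headers


def cookie_sent(set_cookie, later_url,
                login_url="https://shop.example/app/login"):
    """Store the Set-Cookie received at login_url, then return the Cookie
    header a client would attach to later_url (None if it is withheld)."""
    jar = CookieJar()
    jar.extract_cookies(FakeResponse(set_cookie), Request(login_url))
    follow_up = Request(later_url)
    jar.add_cookie_header(follow_up)  # applies path, domain and secure rules
    return follow_up.get_header("Cookie")


# Constructed Set-Cookie values for the two server behaviours in the thread.
WITH_SECURE = "JSESSIONID=ABC123; Path=/app; Secure"   # TC 4.0+ under HTTPS
WITHOUT_SECURE = "JSESSIONID=ABC123; Path=/app"        # TC 3.2.4

if __name__ == "__main__":
    cases = [
        ("secure flag,    follow-up over HTTP ", WITH_SECURE,
         "http://shop.example/app/cart"),
        ("secure flag,    follow-up over HTTPS", WITH_SECURE,
         "https://shop.example/app/cart"),
        ("no secure flag, follow-up over HTTP ", WITHOUT_SECURE,
         "http://shop.example/app/cart"),
    ]
    for label, header, url in cases:
        print(label, "->", cookie_sent(header, url))
```

In the first case the cookie is withheld, so the server sees no session; in the third it is sent, which keeps the session alive but puts the session id on the wire in cleartext.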