-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Joe,
On 10/28/2009 11:55 AM, Joe Wallace wrote:
> From Firefox Live HTTP Headers
>
> Set-Cookie: JSESSIONID=B4F06784FE4EAA0A7C9830BBF86D85B4; Path=/inetwork; Secure
> Location: https://216.94.100.154/inetwork/Start.jsp
>
> Hmmmm. That looks like it is secure
Yup.
> My filter is getting this.
>
> Cookie0 name= JSESSIONID
> Cookie0 value= B4F06784FE4EAA0A7C9830BBF86D85B4
> Cookie0 isSecure = false
Aah, I see the problem: the cookie /is/ secure, but the browser doesn't
provide the "secure" flag when making a request, so the server has no
idea whether the cookie is in secure mode or not.
Rest assured that the browser will only send this cookie when using HTTPS.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkroc8YACgkQ9CaO5/Lv0PBDwwCff52b5PurVJoC36Tikz+0THoa
y/sAmQHuRxFS3CWFPTFiNxjwYrejYq0E
=UOKF
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
|