tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joe Wallace" <j...@andar360.com>
Subject RE: SessionID cookie not secure over SSL
Date Tue, 27 Oct 2009 20:12:19 GMT
I have a filter that calls
Cookie.getName and 
Cookie.getSecure
JSESSIONID returns false even when the connection is always https.
Tomcat version is 6.0.20.  

JW


-----Original Message-----
From: Caldarale, Charles R [mailto:Chuck.Caldarale@unisys.com]
Sent: Tuesday, October 27, 2009 3:04 PM
To: Tomcat Users List
Subject: RE: SessionID cookie not secure over SSL


> From: Joe Wallace [mailto:joew@andar360.com]
> Subject: SessionID cookie not secure over SSL
> 
> Is there a setting in Tomcat 6.0.2

Are you really using a version of Tomcat that old (Nov 2006)?

> to make the SessionID cookie secure
> when created over https when using
> AJP 1.3 connector for IIS?

What makes you think the cookie isn't being encrypted along with everything else sent over
HTTPS?

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus
for use only by the intended recipient. If you received this in error, please contact the
sender and delete the e-mail and its attachments from all computers.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message