tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Teppei Yamada <tep...@silk.co.jp>
Subject Secure attribute of Catalina SSL Connector(APR)
Date Sun, 01 Apr 2012 06:37:42 GMT
Hi,


I don't want every session cookies to be secure cookies, so I
intentionally set secure attribute "false" in server,xml's SSL connector
tag.
(Actually tomcat native is compiled with OpenSSL and LD_LIBRARY_PATH is
set, so the SSL connector is using APR in my case.)
But even though doing above, catalina.connector.Request.isSecure() is
always "true" when Tomcat creating session cookie internally.
How can I turn every session cookie's secure attribute off ?
(Testing with Tomcat7.0.26 and Sun JDK1.6.31 in x86_64 Linux Box)

Thanks,
Teppei



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message