tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bill Davidson <>
Subject Re: Tomcat 6 vs. Tomcat 7 vs Cisco Load Balancer vs Java Applet
Date Wed, 05 Mar 2014 23:56:40 GMT
On 3/5/2014 2:28 PM, Konstantin Kolinko wrote:
> The HttpOnly flag is used by cookies sent by server to the client.
> There is no point checking it on request.getCookies(), as browsers do
> not send it back  (neither do they send 'path', 'secure' etc.).

1. Isn't that what gets sent from the server to the client?

2. Why did it work when going direct without the load balancer?

3. Why did it sometimes work with IE even with the load balancer?

4. Why did it still fail when I reverted to Tomcat 6?

5. Why did it work before this release when we had TLS 1.1/1.2 enabled
in the client JCP?  Note that the load balancer is doing all of the SSL and
sending plain HTTP to httpd which is in turn talking AJP to Tomcat. While
our httpd does support HTTPS

6. New data point from last night: One of our support people uninstalled
Firefox and Chrome and the JRE from his Windows 8 laptop and then
reinstalled all of them.  All of them worked after that through the load
balancer on his laptop.  That was before the changes that we made to the
applet this morning for the cookie.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message