tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Anders Rundgren" <>
Subject Tomcat MAC IE5 SSL Partial Bug fix
Date Sat, 06 Apr 2002 09:39:33 GMT
Hi Jay,

I noted that you added a blank to create "; Secure" instead of ";Secure".
I am just curious where you got the background spec. for doing this
change and if you have verified this with Mac IE 5?

Well, I'm sure you have!

BTW, does any browser handle this flag correctly?  I.e. not sending
secure cookies in non-secure sessions.  It seems that cookie changes
must be verified with a lot of browsers as we have noted subtle
differences in old and new Netscapes, IEs, Operas etc.  A real
nightmare IMHO!

Actually I think this patch may not be enough as it is likely to be handled
differently among browsers.  If somebody want to switich from https to
http it may work with some browsers only.  I.e. I urge that the Tomcat
team  makes a configuration setting for this. Several other people have
indicated that they want to use Tomcat in this [not entitirely recommendable]
way.  Such a setting may affect other parts of Tomcat as well but that is just
a guess, as I know practically nothing about the Tomcat inside.  Locating the
"&Secure" stuff was just a shot in the air [using grep]...

Anders Rundgren,
[a most of the time a] happy Tomcat user

To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message