You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Andrew Mottaz <an...@site9.net> on 2003/11/14 20:05:36 UTC
Secure Cookie Problem
Hi All,
I'm new to the list -- I hope this is not a topic that's been beaten to
death - I searched the Archives but could not find the answer to my
question.
The problem I'm having on Tomcat 4.1.29 is that the first page a user visits
is secure -- the session cookie gets set with the 'secure' flag value set to
true. After login, the user gets sent to a non-secure page, the 'secure'
cookie does not get sent back to the server, and the user gets a new session
which is not logged in.
After visiting the non-secure page, the user can go back to the secure page
and log in without any problems.
Is there a config setting to tell Tomcat never to use secure cookies, or any
other solution to fix this problem (other than forcing a non-secure page
visit first)?
Thanks much,
--
Andrew Mottaz
Site 9 :: Internet Business Solutions
116 W. Illinois, Ste 6E
Chicago, Illinois 60610
312.670.8469
www.site9.net
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org