You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by Andrew Mottaz <an...@site9.net> on 2003/11/14 20:05:36 UTC

Secure Cookie Problem

Hi All,

I'm new to the list -- I hope this is not a topic that's been beaten to
death - I searched the Archives but could not find the answer to my
question.


The problem I'm having on Tomcat 4.1.29 is that the first page a user visits
is secure -- the session cookie gets set with the 'secure' flag value set to
true.  After login, the user gets sent to a non-secure page, the 'secure'
cookie does not get sent back to the server, and the user gets a new session
which is not logged in.

After visiting the non-secure page, the user can go back to the secure page
and log in without any problems.

Is there a config setting to tell Tomcat never to use secure cookies, or any
other solution to fix this problem (other than forcing a non-secure page
visit first)?

Thanks much,


--
Andrew Mottaz
Site 9 :: Internet Business Solutions
116 W. Illinois, Ste 6E
Chicago, Illinois 60610
312.670.8469
www.site9.net 



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org