Posted to dev@tomcat.apache.org by bu...@apache.org on 2003/11/17 06:44:01 UTC

DO NOT REPLY [Bug 24739] New: - Control of secure flag when establishing sessions through https using cookies

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24739

           Summary: Control of secure flag when establishing sessions
                    through https using cookies
           Product: Tomcat 4
           Version: 4.1.29
          Platform: Macintosh
        OS/Version: MacOS X
            Status: NEW
          Severity: Minor
          Priority: Other
         Component: Unknown
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: andrew@site9.net


Because the secure flag is always set to yes when a session is created through 
an https connection, these sessions are lost when a user visits a non-secured 
page.  The reverse is NOT true -- if the first page is a non-secure page, the 
cookie will work on both secured and un-secured connections.

Developers should have explicit control over whether the secure flag is set to 
yes.

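
The asymmetry described in the report follows from how clients handle the Secure cookie attribute. The sketch below is an added illustration, not part of the original message and not Tomcat code: it uses Python's standard `http.cookiejar` as a stand-in client, and the host `www.example.com`, the paths and the session id value are constructed.

```python
import email.message
import http.cookiejar
import urllib.request


class FakeResponse:
    """Minimal response object: CookieJar only needs info() to return headers."""

    def __init__(self, set_cookie):
        self._headers = email.message.Message()
        self._headers["Set-Cookie"] = set_cookie

    def info(self):
        return self._headers


def cookie_sent(set_cookie, origin_url, later_url):
    """Store the cookie received from origin_url, then return the Cookie
    header the client would attach to a request for later_url (or None)."""
    jar = http.cookiejar.CookieJar()
    jar.extract_cookies(FakeResponse(set_cookie), urllib.request.Request(origin_url))
    later = urllib.request.Request(later_url)
    jar.add_cookie_header(later)
    return later.get_header("Cookie")


# Constructed sample values (not taken from the report).
SECURE = "JSESSIONID=abc123; Path=/; Secure"  # session created over https
PLAIN = "JSESSIONID=abc123; Path=/"           # session created over http
HTTPS = "https://www.example.com/app/"
HTTP = "http://www.example.com/app/"

if __name__ == "__main__":
    # Session created over https: the cookie is withheld from http requests,
    # so the server sees no session id there and the session appears lost.
    print("https -> https:", cookie_sent(SECURE, HTTPS, HTTPS))
    print("https -> http: ", cookie_sent(SECURE, HTTPS, HTTP))
    # Session created over http: the cookie follows the user to both schemes,
    # which also means the session id is sent over cleartext http.
    print("http  -> http: ", cookie_sent(PLAIN, HTTP, HTTP))
    print("http  -> https:", cookie_sent(PLAIN, HTTP, HTTPS))
```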