You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Teppei Yamada <te...@silk.co.jp> on 2012/04/01 08:37:42 UTC
Secure attribute of Catalina SSL Connector(APR)
Hi,
I don't want every session cookies to be secure cookies, so I
intentionally set secure attribute "false" in server,xml's SSL connector
tag.
(Actually tomcat native is compiled with OpenSSL and LD_LIBRARY_PATH is
set, so the SSL connector is using APR in my case.)
But even though doing above, catalina.connector.Request.isSecure() is
always "true" when Tomcat creating session cookie internally.
How can I turn every session cookie's secure attribute off ?
(Testing with Tomcat7.0.26 and Sun JDK1.6.31 in x86_64 Linux Box)
Thanks,
Teppei
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Secure attribute of Catalina SSL Connector(APR)
Posted by Pid <pi...@pidster.com>.
On 01/04/2012 07:37, Teppei Yamada wrote:
> Hi,
>
>
> I don't want every session cookies to be secure cookies, so I
> intentionally set secure attribute "false" in server,xml's SSL connector
> tag.
May I ask why?
> (Actually tomcat native is compiled with OpenSSL and LD_LIBRARY_PATH is
> set, so the SSL connector is using APR in my case.)
> But even though doing above, catalina.connector.Request.isSecure() is
> always "true" when Tomcat creating session cookie internally.
That attribute refers to the request, not the cookie, so if you're using
an SSL enabled connector it /should/ return true.
> How can I turn every session cookie's secure attribute off ?
> (Testing with Tomcat7.0.26 and Sun JDK1.6.31 in x86_64 Linux Box)
Again, why would you want to do this when the cookie is generated from a
secure connection?
p
> Thanks,
> Teppei
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
--
[key:62590808]