It's in the Spring configuration for ticketGrantingTicketCookieGenerator. That bean takes a boolean parameter named "cookieSecure". I'll let you guess what it does.
Best regards, -- Carlos M. Fernández Sr. Enterprise Systems Admin Saint Joseph's University W: 610-660-1501 M: 215-316-1193 E: cfern...@sju.edu On Jun 18, 2013, at 17:33, Tom Poage <tfpo...@ucdavis.edu> wrote: > On 06/18/2013 02:23 PM, cfern...@sju.edu wrote: >> Where do you see that? In the Chrome dev tool I can see that our CAS 3.5.2 >> installation sends both HttpOnly and Secure. I didn't make any major changes >> from the defaults, either. > > Don't see the flag set in browsers I've tested (FF, Chrome), and don't > see reference to it in the (3.5.2) code. I do see Secure. > > Hmm, maybe back to the drawing board? Do you know how/if it's explicitly > configured in e.g. your web.xml? > > Thanks. > Tom. > > > -- > You are currently subscribed to cas-user@lists.jasig.org as: cfern...@sju.edu > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user