We use tomcat forms authentication and it is cookies being used.
There are 3 cookies, JSESSONIDSSO, test and JSESSONID.
Not sure how you tell if its marked secure? The test cookie is for testing
to assure cookies are enabled.
Thanks for your help!
Rainer Jung-3 wrote:
krusek wrote
I have Apache 2 with SSL, mod_jk connection, and Tomcat. Everything has
worked peachy from one tomcat upgrade after another. However now I upgraded
to tomcat 6 and I am loosing the session when switching from https to http
within the same domain.
For clarity, Apache 2 is handling SSL not
