Re: secure cookies

2013-07-31 Thread Prafull
On Tue, Jul 30, 2013 at 9:39 PM, Jeffrey Janner jeffrey.jan...@polydyne.com wrote: -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Monday, July 29, 2013 8:21 PM To: Tomcat Users List Subject: Re: secure cookies -BEGIN PGP SIGNED

Re: secure cookies

2013-07-30 Thread Prafull
On Tue, Jul 30, 2013 at 6:51 AM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jeffrey, On 7/29/13 4:09 PM, Jeffrey Janner wrote: Thanks for the verification, Mark. I was under the impression you'd only want to [set

Re: secure cookies

2013-07-30 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Prafull, On 7/30/13 9:44 AM, Prafull wrote: On Tue, Jul 30, 2013 at 6:51 AM, Christopher Schultz ch...@christopherschultz.net wrote: Jeffrey, On 7/29/13 4:09 PM, Jeffrey Janner wrote: Thanks for the verification, Mark. I was under the

RE: secure cookies

2013-07-30 Thread Jeffrey Janner
-Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Monday, July 29, 2013 8:21 PM To: Tomcat Users List Subject: Re: secure cookies -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jeffrey, On 7/29/13 4:09 PM, Jeffrey Janner wrote

secure cookies

2013-07-29 Thread Jeffrey Janner
Have a client that is wanting us to implement the following in web.xml: session-config cookie-config http-onlytrue/http-only securetrue/secure /cookie-config /session-config But from what I can tell, that's only available in 7+ and we are running at 6.latest with plans to

RE: secure cookies

2013-07-29 Thread Jeffrey Janner
From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] Sent: Monday, July 29, 2013 2:29 PM To: 'Tomcat Users List' Subject: secure cookies Have a client that is wanting us to implement the following in web.xml: session-config cookie-config http-onlytrue/http-only securetrue

Re: secure cookies

2013-07-29 Thread Mark Thomas
On 29/07/2013 21:31, Jeffrey Janner wrote: From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] Sent: Monday, July 29, 2013 2:29 PM To: 'Tomcat Users List' Subject: secure cookies Have a client that is wanting us to implement the following in web.xml: session-config cookie-config

RE: secure cookies

2013-07-29 Thread Jeffrey Janner
-Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Monday, July 29, 2013 2:54 PM To: Tomcat Users List Subject: Re: secure cookies On 29/07/2013 21:31, Jeffrey Janner wrote: From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] Sent: Monday, July 29, 2013

Re: secure cookies

2013-07-29 Thread Mark Thomas
On 29/07/2013 22:09, Jeffrey Janner wrote: -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Monday, July 29, 2013 2:54 PM To: Tomcat Users List Subject: Re: secure cookies On 29/07/2013 21:31, Jeffrey Janner wrote: From: Jeffrey Janner [mailto:jeffrey.jan

Re: secure cookies

2013-07-29 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jeffrey, On 7/29/13 4:09 PM, Jeffrey Janner wrote: Thanks for the verification, Mark. I was under the impression you'd only want to [set secure=true] if you were already front-ending the site with something that was doing the SSL for you (e.g.