DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24739>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24739 Control of secure flag when establishing sessions through https using cookies Summary: Control of secure flag when establishing sessions through https using cookies Product: Tomcat 4 Version: 4.1.29 Platform: Macintosh OS/Version: MacOS X Status: NEW Severity: Minor Priority: Other Component: Unknown AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] Because the secure flag is always set to yes when a session is created through an https connection, these session are lost when a user visits a non-secured page. The reverse is NOT true -- if the first page is a non-secure page, the cookie will work on both secured and un-secured connections. Developers should have explicit control over whether the secure flag is set to yes. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]