What I have done is do a edit-header to append the "Secure" onto the Set-Cookie command coming back from the app-container through the web server. The header edit command is only available on 2.2 (likely 3.X also), but not on 2.0.
Example: Header edit Set-Cookie ^(.*)$ $1;Secure; -Mark On Mon, May 23, 2011 at 1:40 PM, Gil Pratte <gilbert.pra...@gmail.com>wrote: > Hello all, > > I'm using apache http as a reverse proxy to tomcat. http takes care of the > ssl encryption. > > Can anyone enlighten me on how to set the cookie secure flag to true. > > thanks in advance, > > gilbert >