Hello, With this filter enabled in Tomcat's web.xml: <filter> <filter-name>httpHeaderSecurity</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class> <async-supported>true</async-supported> </filter> My sessions are being immediately lost. If I comment out the filter, everythis is fine. What does this filter actually do, and is it required if the front-end webserver already handles hsts? ________________________________________________ Kevin Huntly Email: kmhun...@gmail.com Cell: 716/424-3311 ________________________________________________ -----BEGIN GEEK CODE BLOCK----- Version: 1.0 GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E--- W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+) PGP++(+++) t+ 5-- X-- R+ tv+ b++ DI++ D++ G++ e(+) h--- r+++ y+++* ------END GEEK CODE BLOCK------