I'm confused so I'm not sure what I say below makes sense.
If I'm reading these posts correctly, the cookie is issued by the front end (which is Apache web server). Since it is created on an https session, it is being marked as "secure". When browser switches to a non-secure page on the same site, that cookie is not passed because it is a secure cookie. Apparently, this behavior changed between Apache 1.3.x+Apache SSL and Apache 2.2 (mod_ssl) because my app used to work doing this with Apache1.3 as the front end. Is there some way to configure Apache not to mark the cookie as secure even if it is creating it on an https connection? --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]