Christopher Schultz wrote:
Yes, but the OP didn't say whether no changes were made to the original
code (or configuration) when moving between Tomcat versions.
Until the change to the login servlet for the cookie, there were no changes
to the app's code. It's even still being compiled against TC 3.2.4
libraries
with Java 1.4.2. Obviously, I had to jump through a few hoops on the TC
6 configuration since it has changed considerably since 3.2.4. I'm not sure
how much of those issues were due to the app not doing things in standard
ways and how much was changes between TC versions.
It's tough to tell. The OP was using TC 3.2.4 (ancient!) and it might
not have been setting the "secure" flag on that cookie.
I believe this to be true.
The cookie must be called JSESSIONID, and the value must be the id of
the session. So, you can just do something like this:
response.addCookie(new Cookie("JSESSIONID",
~ request.getSession().getId());
That is what we did.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
