Hi,
I don't want every session cookies to be secure cookies, so I intentionally set secure attribute "false" in server,xml's SSL connector tag. (Actually tomcat native is compiled with OpenSSL and LD_LIBRARY_PATH is set, so the SSL connector is using APR in my case.) But even though doing above, catalina.connector.Request.isSecure() is always "true" when Tomcat creating session cookie internally. How can I turn every session cookie's secure attribute off ? (Testing with Tomcat7.0.26 and Sun JDK1.6.31 in x86_64 Linux Box) Thanks, Teppei --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org