On 01/04/2012 07:37, Teppei Yamada wrote:
> Hi,
>
> I don't want every session cookies to be secure cookies, so I
> intentionally set secure attribute "false" in server.xml's SSL connector
> tag.

May I ask why?

> (Actually tomcat native is compiled with OpenSSL and LD_LIBRARY_PATH is
> set, so the SSL connector is using APR in my case.)
> But even though doing above, catalina.connector.Request.isSecure() is
> always "true" when Tomcat creating session cookie internally.

That attribute refers to the request, not the cookie, so if you're using an SSL enabled connector it /should/ return true.

> How can I turn every session cookie's secure attribute off ?
> (Testing with Tomcat7.0.26 and Sun JDK1.6.31 in x86_64 Linux Box)

Again, why would you want to do this when the cookie is generated from a secure connection?

p

> Thanks,
> Teppei

--
[key:62590808]