users@glassfish.java.net

How to share JSESSIONID Session cookie between HTTP and HTTPS?

From: <glassfish_at_javadesktop.org>
Date: Tue, 06 May 2008 19:45:39 PDT

We have a web module which we are running in a split SSL / non-SSL mode. On our production system, our GlassFish instance is running behind Apache and the session cookie is working as we expect because the connection between the proxy connection is always HTTP (available in both "modes").

We were hoping you would know of a way to configure GlassFish v2 to allow the JSESSIONID to be available on both SSL and non-SSL connections. By default, if you are authenticating via an SSL connection, then the JSESSIONID cookie explicitly has secure-only set to true; hence, for all the HTTP connections made, the cookie is not sent across and the user is treated as not logged in!

In the CVS source tree, we found http://wiki.glassfish.java.net/Wiki.jsp?page=SessionTrackingCookieConfig which appears to have this capability but it was not clear how to affect this behavior from the configuration properties.

Could you please let us know how to make JSESSIONID cookie unsecured?

Thanks!
[Message sent by forum member 'girixkumar' (girixkumar)]

http://forums.java.net/jive/thread.jspa?messageID=273056
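
Added example (not part of the original post, and not GlassFish code): Python's standard http.cookiejar applies the client-side rule the post describes, so a JSESSIONID set with the Secure attribute during an HTTPS login is withheld from plain-HTTP requests to the same host. The host name, session value and helper names are constructed for illustration.

```python
from email.message import Message
from http.cookiejar import CookieJar
from urllib.request import Request

HOST = "app.example.com"            # constructed host name
SESSION_ID = "0123456789ABCDEF"     # constructed session value


class FakeResponse:
    """Minimal stand-in for an HTTP response; CookieJar only calls info()."""

    def __init__(self, set_cookie_values):
        self._headers = Message()
        for value in set_cookie_values:
            self._headers["Set-Cookie"] = value

    def info(self):
        return self._headers


def login_over_https(secure_flag):
    """Return a client cookie jar after a login response received over HTTPS."""
    jar = CookieJar()
    attrs = "Path=/; Secure" if secure_flag else "Path=/"
    response = FakeResponse([f"JSESSIONID={SESSION_ID}; {attrs}"])
    jar.extract_cookies(response, Request(f"https://{HOST}/login"))
    return jar


def cookie_header_for(jar, url):
    """Return the Cookie header the client would attach to url, or None."""
    request = Request(url)
    jar.add_cookie_header(request)
    return request.get_header("Cookie")


if __name__ == "__main__":
    for secure_flag in (True, False):
        jar = login_over_https(secure_flag)
        for scheme in ("https", "http"):
            sent = cookie_header_for(jar, f"{scheme}://{HOST}/account")
            print(f"Secure={secure_flag!s:5} {scheme:5} -> Cookie: {sent}")
```

With the Secure attribute set, the HTTP request carries no Cookie header, which is why the server sees that request as unauthenticated; without the attribute, the same session identifier is also sent over the unencrypted connection.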