Sorry
I made mistake.
The source is org.apache.coyote.tomcat5。OutputBuffer.java
Susumu Majima
> -----Original Message-----
> From: 真嶌 晋 [mailto:susumu.majima_at_mail.rakuten.co.jp]
> Sent: Tuesday, June 24, 2008 5:50 PM
> To: users_at_glassfish.dev.java.net
> Subject: FYI:How to fix 'JSESSIONID is not set secure in
> HTTPS protcol'
>
>
> FYI
>
> Hello,
>
> We have been strugling with JSESSIONID problem. Finally We
> find fix point.
>
> We use apache and glassfish and specify jvmRoute for
> connecting apache and glassfish instance.
> If we use jvmRoute glassfish use JSESSIONID cookie. We tried
> to check JSESSION cookie is secure in HTTPS protocol.
> But it not work properlly. We find fix point in glassfish
> source. It's javax.servlet.http.Cookie.OutputBuffer.java
> In that source JSESSIONID is set secure if protocol is
> secure. We fix source code and the problem is gone.
>
> In method private void addSessionCookieWithJvmRoute() we add
> below at line 704 of OutputBuffer,java
>
> if (req.isSecure()) {
> cookie.setSecure(true);
> }
>
> It's just information who is strugling with the same problem.
>
> I repoert it to the community.
> https://glassfish.dev.java.net/issues/show_bug.cgi?id=5200
>
> Regards,
>
> Susumu Majima
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>