[Catalyst] Making secure session cookies (or, how do we make Explorer stop complaining about nonsecure content on a secure page?)

Carl Franks fireartist at gmail.com
Mon Feb 21 15:15:17 GMT 2011

On 21 February 2011 14:09, will trillich <will.trillich at serensoft.com> wrote:
> Nope it's not the javascript. Searching view-source for "http://" shows only
> DOCTYPE, xmlns, <!-- comments --> and links to other/external websites.
> The session cookie does show as non-secure, so that's why we're thinking
> it's the main culprit.
> Otherwise, is there a tool out there that helps discover what Explorer is
> griping about when it says "this page contains both secure and nonsecure
> items..."?


It shouldn't matter that it's not a secure cookie - that's just a flag
that tells the browser it shouldn't send the cookie back to the same
domain on any non-SSL requests.
Cookies are sent as part of a request/response for a URL - so it's a
URL that's the problem, not a cookie.

I recommend you try viewing the page in a browser that will let you
see all network requests - e.g. firefox with the firebug plugin


More information about the Catalyst mailing list