[Catalyst] Making secure session cookies (or, how do we make
Explorer stop complaining about nonsecure content on a secure page?)
will trillich
will.trillich at serensoft.com
Mon Feb 21 16:11:05 GMT 2011
Thanks for the cookie back-story, Carl. We're looking into a firefoxy
diagnosis.
On Mon, Feb 21, 2011 at 9:15 AM, Carl Franks <fireartist at gmail.com> wrote:
> On 21 February 2011 14:09, will trillich <will.trillich at serensoft.com>
> wrote:
> > Nope it's not the javascript. Searching view-source for "http://" shows
> only
> > DOCTYPE, xmlns, <!-- comments --> and links to other/external websites.
> > The session cookie does show as non-secure, so that's why we're thinking
> > it's the main culprit.
> > Otherwise, is there a tool out there that helps discover what Explorer =
is
> > griping about when it says "this page contains both secure and nonsecure
> > items..."?
>
> Hi,
>
> It shouldn't matter that it's not a secure cookie - that's just a flag
> that tells the browser it shouldn't send the cookie back to the same
> domain on any non-SSL requests.
> Cookies are sent as part of a request/response for a URL - so it's a
> URL that's the problem, not a cookie.
>
> I recommend you try viewing the page in a browser that will let you
> see all network requests - e.g. firefox with the firebug plugin
> running.
>
> Carl
>
> _______________________________________________
> List: Catalyst at lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive:
> http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> Dev site: http://dev.catalyst.perl.org/
>
-- =
The first step towards getting somewhere is to decide that you are not going
to stay where you are. -- J.P.Morgan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.scsys.co.uk/pipermail/catalyst/attachments/20110221/5231f=
2ad/attachment.htm
More information about the Catalyst
mailing list