In this article we want to show how to create new session for http protocol when web browser blocks
JSESSIONID after https was used.
1. Problem description
Google Chrome error:
This Set-Cookie was blocked because it was not sent over a secure connection and would have overwritten a cookie with the Secure attribute.
When https protocol is in use, Tomcat creates
JSESSIONID cookie with
Secure property that makes imposible to create
JSESSIONID again with http protocol.
Response header for
Set-Cookie: JSESSIONID=494B7D14488AF5713852C4D21A042A622C49639F9E3BDB929177F43628689574FDC9F68901A2BEBECA9D792F4F3DF97701FA; Path=/; Secure; HttpOnly
2. Problem solution
- go to Application tab in Google Chrome DevTools,
JSESSIONIDcookie - do not refresh web browser,
- go to
http://localhost- it will create
- now you can use Tomcat sessions with
- do not mix
- it is good to add redirection to
httpsif it is possible.