https://coderanch.com/t/68395/BEA-Weblogic/cookieSecure-http#414821
As referenced in the above post if cookie-secure is flagged in the weblogic.xlm as true it forces the post to always be secure.
However how does it act if it is set to false? Does it always make it un-secure, or does it not care?
because I have this programming in
Java to try and control it
cookie.setSecure( URL.startsWith( "https" ) );
If I try it locally with
tomcat it works correctly for Http (un-secure) and Https (secure).
However my server runs weblogic which is HTTPS but it always marks it un-secure.
So I was wonder if cookie-secure = false it setting it to un-secure. and if so, is there a way around it?