{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 戒情不戒烟 的问题《Setting Secure cookies when HTTPS (for mixed HTTPS》','https://www.manongdao.com/q-691302.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
We have a site running on CF7 that has both logged in and logged out sections, and uses jsessionid for sessions.
When switching to HTTPS (for the secure sections), we need to start a new secure session, setting the 'Secure' flag on the jsessionid cookie.
Whilst JRun has an option for setting 'Secure' it appears to be an all-or-nothing deal.
Is there a way to always use Secure when in HTTPS mode?
Related Question: Setting HttpOnly flag for all cookies.
This explanation seems quite thorough. For some reason, it is not trivial.
12robots.com Making the JSESSIONID Session Token Cookie SECURE and HTTPOnly and settings its PATH