Context: I'm migrating a Spring application 5.3.x hosted on jdk11/tomcat9 to Spring 6.1.x hosted on jdk21/tomcat11
My issue is, after the migration request.isSecure() returns true when I request the Filter in http.Of course prior to the migration, everything was working as expected.
@WebFilter({"/xxx"})public class MyFilter implements Filter { @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { assert "http".equals(request.getScheme()); // it passes assert !request.isSecure(); // it fails // create the session here, it will set the JSESSIONID cookie request.getSession(true); chain.doFilter(request, response); }}It causes the JSESSIONID cookie being set to Secure preventing the browser to send it back on all further requests because I'm accessing the app in http.
Any idea was could cause this issue?Thanks