--- ./jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java.orig	2008-04-10 11:29:31.000000000 -0400
+++ ./jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java	2008-04-10 11:30:19.000000000 -0400
@@ -699,6 +699,10 @@ public abstract class AuthenticatorBase
             Cookie cookie = new Cookie(Constants.SINGLE_SIGN_ON_COOKIE, ssoId);
             cookie.setMaxAge(-1);
             cookie.setPath("/");
+            // Bugzilla 41217
+            javax.servlet.ServletRequest r = (javax.servlet.ServletRequest) request;
+            cookie.setSecure(r.isSecure());
+
             response.addCookie(cookie);
 
             // Register this principal with our SSO valve