I have an internal application with a JSP page that sets a user info cookie and then launches new window with a URL to a different web server. The cookie is set with security = false, root path, and domain = "domain.com". Application uri is in the format app1.domain.com and the new window is redirecting to app2.domain.com. This aproach has never caused any issue until we moved app1 to secure environment, where the cookie is being lost once the redirect has happened. I am running out of ideas at this point, played with secure=true/false values, tried to redirect to different resources, all with the same result: approach works in non-secure environment and does not work in secure environment. Has anyone encountered similar issue? I appreciate your help.