Setting Secure Flag on JSESSION cookie

Post any questions you have about using the Verj.io Studio, including client and server-side programming with Javascript or FPL, and integration with databases, web services etc.

Moderators: Jon, Steve, Ian, Dave

Post Reply
pawel.masloch
Ebase User
Posts: 3
Joined: Mon Apr 20, 2015 12:56 pm

Setting Secure Flag on JSESSION cookie

#1

Postby pawel.masloch » Wed Aug 05, 2015 12:07 pm

Hello,

I wonder if anyone has ever had a requirement to set secure flag on JSESSIONID cookie and what needed to be done to successfully complete the task?

Please note adding <secure>true</secure> to <session> => <cookie> works only over https - otherwise the form is not accessible (even when secure form is forced in form property).

Thanks.
0 x
Hovik
Moderator
Moderator
Posts: 184
Joined: Tue Sep 11, 2007 8:58 am

#2

Postby Hovik » Wed Aug 05, 2015 1:46 pm

Did you add the secure flag to web.xml? e.g.

change:

Code: Select all

      <session-config>
         <session-timeout>30</session-timeout>
      </session-config>
to:

Code: Select all

      <session-config>
         <session-timeout>30</session-timeout>
         <cookie-config>
             <http-only>true</http-only>
             <secure>true</secure>
         </cookie-config>
      </session-config>
0 x
Post Reply

Return to “Application Development”

Who is online

Users browsing this forum: No registered users and 23 guests