I'm wondering how I can add the secure and httponly flags to jsessionid. I've tried adding the lines:
    <session-config>
        <cookie-config>
            <http-only>true</http-only>
            <secure>true</secure>
        </cookie-config>
    </session-config>
to both the web.xml and/or zk.xml files in my WEB-INF directory. This seems to have no effect.
What is the correct way to do this?
Thanks!
According to the documentation, the zk.xml doesn't have any <cookie-config> element. So any attempt in zk.xml won't have any effect (no need to try).
Using web.xml worked on my side:
Still, the application works with or without HTTPS (so the effect is not instantly visible). However, the expected effect becomes visible in the browser's developer tools -> only creates the cookie when running under HTTPS.
So a few questions from my side:
What kind of "effect" did you expect?
Did you configure your web.xml to use at least the servlet 3 spec (as mentioned here)?
Does your Jetty version support servlet spec 3.0 or above? -> Which Jetty version do you use?
Asked: 2018-05-11 02:11:23 +0800
Seen: 7 times
Last updated: May 14 '18
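The check the answer asks about (does web.xml declare at least Servlet 3.0, and are both flags set in <cookie-config>) can be run against a descriptor offline. This is an added example, not code from the original thread or from ZK; the function names and the three sample descriptors are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptors (not taken from the original post).
WEB_XML_25 = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <session-config>
    <cookie-config>
      <http-only>true</http-only>
      <secure>true</secure>
    </cookie-config>
  </session-config>
</web-app>"""

WEB_XML_30 = WEB_XML_25.replace('version="2.5"', 'version="3.0"')
WEB_XML_NO_SECURE = WEB_XML_30.replace("<secure>true</secure>", "")


def local(tag):
    """Strip the XML namespace so descriptors of any version are handled alike."""
    return tag.rsplit("}", 1)[-1]


def audit_web_xml(text):
    """Return a list of findings; an empty list means both flags are configured."""
    root = ET.fromstring(text)
    if local(root.tag) != "web-app":
        return ["root element is not <web-app>"]
    version = root.get("version", "")
    try:
        major = int(version.split(".")[0])
    except ValueError:
        major = 0  # missing or unparsable version attribute
    findings = []
    if major < 3:
        findings.append(f"version '{version}' is below 3.0; <cookie-config> needs Servlet 3.0+")
    flags = {}
    for el in root.iter():
        if local(el.tag) == "cookie-config":
            for child in el:
                flags[local(child.tag)] = (child.text or "").strip().lower()
    for name in ("http-only", "secure"):
        if flags.get(name) != "true":
            findings.append(f"<{name}> is not set to true in <cookie-config>")
    return findings


if __name__ == "__main__":
    for label, doc in (("2.5", WEB_XML_25), ("3.0", WEB_XML_30), ("no secure", WEB_XML_NO_SECURE)):
        print(label, "->", audit_web_xml(doc) or "OK")
```

A clean audit only covers the descriptor; the Set-Cookie header seen in the browser's developer tools over HTTPS remains the final confirmation.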