Revision history [back]

click to hide/show revision 1
initial version

asked 2018-05-11 02:11:23 +0800

ChrisDMac gravatar image ChrisDMac

Secure jsessionid with secure, httponly flags, jetty web server

I'm wondering how I can add the secure and httponly flags to jsessionid. I've tried adding the lines:

< session-config > < cookie-config > < http-only >true< /http-only> < secure>true< /secure> < /cookie-config> < /session-config>

to both the web.xml and/or zk.xml files in my WEB-INF directory. This seems to have no effect.

What is the correct way to do this?

Thanks!

Secure jsessionid with secure, httponly flags, jetty web server

I'm wondering how I can add the secure and httponly flags to jsessionid. I've tried adding the lines:

< session-config >

<session-config>
 < cookie-config >
<cookie-config>
 < http-only >true< /http-only>
<http-only>true</http-only>
 < secure>true< /secure>
<secure>true</secure>
 < /cookie-config>
< /session-config>

</cookie-config> </session-config>

to both the web.xml and/or zk.xml files in my WEB-INF directory. This seems to have no effect.

What is the correct way to do this?

Thanks!

Support Options
  • Email Support
  • Training
  • Consulting
  • Outsourcing
Learn More