I want to mark my JSESSIONID cookie generated by Tomcat (version 8) as secure. I'm using Java 12.
...
So far I have tried:

In the web.xml file, I have added

    <cookie-config>
        <http-only>true</http-only>
        <secure>true</secure>
    </cookie-config>

in the session-config section.

cookie.setSecure(true) in my servlet.

Both are not working. Any better solution?
There are 2 flags that should be maintained to avoid session cookie hijacking (HttpOnly, Secure):
Set-Cookie: JSESSIONID=T8zK7hcII6iNgA; Expires=Wed, 21 May 2018 07:28:00 GMT; HttpOnly; Secure
For Servlet 3.0, the configuration is as follows:
    <session-config>
        <cookie-config>
            <http-only>true</http-only>
            <secure>true</secure>
        </cookie-config>
    </session-config>
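One way to check what the container actually sends, as an added example that is not part of the original question or answer: the functions below parse raw response header lines (for instance, saved `curl -sI` output) and report which of the two flags the JSESSIONID cookie lacks. The function names and the second sample response are constructed for illustration.

```python
"""Added example: audit Set-Cookie response headers for session-cookie flags."""

REQUIRED_FLAGS = ("httponly", "secure")  # the two flags named in the answer


def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, {lowercased attribute: value})."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_session_cookie(header_lines, cookie_name="JSESSIONID"):
    """Return the sorted list of required flags missing from the session cookie,
    [] if it carries both, or None if the response never sets that cookie."""
    missing = None
    for line in header_lines:
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie":
            continue  # status line or an unrelated header
        name, attrs = parse_set_cookie(value)
        if name != cookie_name:
            continue
        lacking = {flag for flag in REQUIRED_FLAGS if flag not in attrs}
        missing = sorted(set(missing or []) | lacking)
    return missing


# Header taken from the answer above.
PAGE_RESPONSE = [
    "Set-Cookie: JSESSIONID=T8zK7hcII6iNgA; Expires=Wed, 21 May 2018 07:28:00 GMT; HttpOnly; Secure",
]
# Constructed sample: a response where the Secure flag did not take effect.
WEAK_RESPONSE = [
    "HTTP/1.1 200 OK",
    "Content-Type: text/html",
    "Set-Cookie: JSESSIONID=EXAMPLEVALUE; Path=/app; HttpOnly",
]

if __name__ == "__main__":
    print("page header missing:", audit_session_cookie(PAGE_RESPONSE))
    print("weak header missing:", audit_session_cookie(WEAK_RESPONSE))
```

A result of `None` means the response did not set JSESSIONID at all, which happens when the request did not create a new session.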