We would like to force the jsessionid cookie to be always secure = false even if its created for HTTPS for JBOSS AS 7 Packaged under jboss-eap 6.1
Our application has both secure & non-secure part and we would like to have session shared even if its created first for https request.
We tries jboss-web.xml & web.xml session-config, but its not working. Please advise.