Hi Experts,
We are trying to move our applications deployed in Tomcat to JBoss EAP.
We have managed to deploy our applications and were able to bring them up without much issue, but after we log in to our web-based system, when we click any other link, the session terminates unexpectedly.
We have done some research and found that the following setting in the web.xml is causing this session termination issue:
<session-config>
    <session-timeout>15</session-timeout>
    <cookie-config>
        <http-only>true</http-only>
        <secure>true</secure>
    </cookie-config>
</session-config>
When we comment out the <cookie-config> setting in the web.xml, we are able to use it without any issue.
Now the question is: why, when adding the above config to web.xml, is JBoss terminating the session?
The following code returns null when using the above session config:
request.getSession(false).getAttribute("user") => null when the "http-only" and "secure" flags are used?
Can anyone enlighten us on this issue?
Regards,
Mayuran
Secure cookies can only be used if you are using HTTPS.
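
The behaviour discussed in this thread, as an added example that is not part of the original posts: a client stores a session cookie marked Secure but does not send it back on a plain-HTTP request, so the server sees no session on the next click, while HttpOnly alone has no such effect. The host name, session id and Set-Cookie headers are constructed for illustration, and Python's standard cookie jar stands in for the browser.

```python
"""Added illustration (constructed values): which session cookies a client
returns over HTTP vs HTTPS, using the standard library's cookie jar."""
import urllib.request
from email.message import Message
from http.cookiejar import CookieJar

# Constructed Set-Cookie headers, shaped like what <cookie-config> produces.
SECURE_HTTPONLY = "JSESSIONID=abc123; Path=/app; Secure; HttpOnly"
HTTPONLY_ONLY = "JSESSIONID=abc123; Path=/app; HttpOnly"


class FakeResponse:
    """Minimal stand-in for a server response carrying one Set-Cookie header."""

    def __init__(self, set_cookie):
        self._headers = Message()
        self._headers["Set-Cookie"] = set_cookie

    def info(self):
        return self._headers


def cookie_sent_back(login_url, next_url, set_cookie):
    """Return the Cookie header the client sends on next_url, or None."""
    jar = CookieJar()
    jar.extract_cookies(FakeResponse(set_cookie), urllib.request.Request(login_url))
    follow_up = urllib.request.Request(next_url)
    jar.add_cookie_header(follow_up)  # omits Secure cookies on non-HTTPS URLs
    return follow_up.get_header("Cookie")


def session_survives(scheme, set_cookie):
    """True if the click after login still carries the session id."""
    base = f"{scheme}://app.example.test/app"  # hypothetical host
    return cookie_sent_back(f"{base}/login", f"{base}/home", set_cookie) is not None


if __name__ == "__main__":
    for scheme, header in [("http", SECURE_HTTPONLY), ("https", SECURE_HTTPONLY),
                           ("http", HTTPONLY_ONLY)]:
        print(f"{scheme:5} | {header:48} | session kept: {session_survives(scheme, header)}")
```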