-
1. Re: Wildfly 9 httponly issue
nayal.ashish Feb 2, 2017 12:47 AM (in response to nayal.ashish)
Please, someone from the WildFly team help me with this issue, as my application security audit process is pending because of this issue.
-
2. Re: Wildfly 9 httponly issue
nayal.ashish Feb 2, 2017 5:41 AM (in response to nayal.ashish)
I have resolved the issue. You have to do the following configuration in jboss-all.xml:

    <shared-session-config xmlns="urn:jboss:shared-session-config:1.0">
        <session-config>
            <session-timeout>20</session-timeout>
            <cookie-config>
                <path>/</path>
                <http-only>true</http-only>
                <secure>false</secure> <!-- Make sure this is set to false only -->
            </cookie-config>
            <tracking-mode>COOKIE</tracking-mode>
        </session-config>
    </shared-session-config>
-
3. Re: Wildfly 9 httponly issue
jboss234 Aug 28, 2017 10:47 AM (in response to nayal.ashish)
I tried to add the 'Secure' attribute to all sensitive cookies, and for that I have added <session-cookie http-only="true" secure="false"/> under <servlet-container name="default"> in standalone.xml. After restarting the WildFly 10 app server, when I log into the application I get a "Session Error" popup.
How can I prevent this popup and add the 'Secure' attribute to all sensitive cookies?
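
For checking what either configuration in this thread actually produces, an added example (not code from the thread or from WildFly): it parses a Set-Cookie header and reports whether the session cookie lacks HttpOnly or Secure, or carries Secure on a plain-HTTP response, where the browser will not send it back. The cookie name JSESSIONID, the finding codes and the sample headers are assumptions constructed for illustration.

```python
# Added example: audit a session cookie's Set-Cookie header for HttpOnly/Secure.
# The header strings in SAMPLES are constructed, not captured WildFly output.

def parse_set_cookie(header):
    """Split a Set-Cookie value into (cookie name, {lowercased attribute: value})."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    if not parts:
        return "", {}
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs

def audit_session_cookie(header, scheme, cookie_name="JSESSIONID"):
    """Return finding codes for one Set-Cookie header received over `scheme`."""
    name, attrs = parse_set_cookie(header)
    if name != cookie_name:
        return []  # not the session cookie, nothing to audit
    findings = []
    if "httponly" not in attrs:
        findings.append("NO_HTTPONLY")        # page script can read the session id
    if "secure" not in attrs:
        findings.append("NO_SECURE")          # cookie may travel over plain HTTP
    elif scheme == "http":
        findings.append("SECURE_OVER_HTTP")   # browser will not return it on http://
    return findings

SAMPLES = [  # (scheme the response arrived on, constructed Set-Cookie value)
    ("http",  "JSESSIONID=abc123.node1; path=/"),
    ("http",  "JSESSIONID=abc123.node1; path=/; HttpOnly"),
    ("http",  "JSESSIONID=abc123.node1; path=/; secure; HttpOnly"),
    ("https", "JSESSIONID=abc123.node1; path=/; secure; HttpOnly"),
]

if __name__ == "__main__":
    for scheme, header in SAMPLES:
        print(scheme, header, "->", audit_session_cookie(header, scheme) or "ok")
```
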