1 Reply Latest reply on May 10, 2010 6:42 AM by Mariusz Olejnik

    How to set secure attribute for jsession cookie?

    Pradeep Kumar Newbie

      Hello everyone,

       

      We are using JBOSS 4.2.3 GA version for our application. Recently our security team ran some tests on our application and reported that for the JSESSIONID, the secure attribute is not set. I tried look for possible solutions to fix this, but in vain. Is there a way I can set the secure attribute for the sessionid cookie. FYI all our requests will be over HTTPS however our application is front-ended by an SSL offloading load balancer which uses HTTP. Any help in this regard is really appreciated.

       

      Thanks...