1 Reply Latest reply on May 10, 2010 6:42 AM by mariusz.olejnik

    How to set secure attribute for jsession cookie?

      Hello everyone,

       

      We are using JBOSS 4.2.3 GA version for our application. Recently our security team ran some tests on our application and reported that for the JSESSIONID, the secure attribute is not set. I tried look for possible solutions to fix this, but in vain. Is there a way I can set the secure attribute for the sessionid cookie. FYI all our requests will be over HTTPS however our application is front-ended by an SSL offloading load balancer which uses HTTP. Any help in this regard is really appreciated.

       

      Thanks...