This content has been marked as final.
Show 2 replies
-
1. Re: How to setup session cookie to be httpOnly and secure in JBOSS 7?
guinotphil Dec 2, 2011 8:33 AM (in response to pavelz)I'm not reallysure, but can you try to add this on your web.xml
<session-config>
<cookie-config>
<http-only>true</http-only>
<secure>true</secure>
</cookie-config>
<tracking-mode>COOKIE</tracking-mode>
</session-config>
-
2. Re: How to setup session cookie to be httpOnly and secure in JBOSS 7?
pavelz Dec 3, 2011 6:16 AM (in response to guinotphil)Thank you Guinot,
it works with 3.0 version of web.xml.
I had to update all my wars/ears depending on the environment, comparing to a single configuration change that was required with JBOSS 5,6. The settings of cookie protection are the same for the whole JBOSS instance, it was a good idea to allow global configuration of session cookie in JBOSS5,6, this feature is most likely missing in JBOSS7.