I have an application (J2EE) which is partly on HTTP and partly on HTTPS. I want to have two session cookies to track a user, one when he on a HTTP page and other for HTTPS page.
I want the HTTPS cookie to secure and http-only. Is it possible?
Asked
Active
Viewed 542 times
1 Answers
0
Yes , you have to call setHttpOnly(true) , setSecure(true) on your cookie before sending it to client. Secure cookies are transfered via HTTPS or SSL.
Danilo Cândido
- 408
- 1
- 5
- 18
Thirumal
- 31
- 6
-
well, this won't work. the cookie intended for HTTP will be sent to HTTPS requests too. – ZhongYu May 19 '15 at 20:25
-
I agree , but I think we'll be able to figure out the request type and set the cookie . pl check http://stackoverflow.com/questions/8200853/how-can-i-know-if-the-request-to-the-servlet-was-executed-using-http-or-https – Thirumal May 20 '15 at 04:39