
I don't understand how to set the secure flag to true in Spring MVC. I have tried the following four ways but I'm unable to get any solution:

1) Set http-only on cookies created in Spring MVC Controller

2) Forcing Tomcat to use secure JSESSIONID cookie over http

3) https://www.owasp.org/index.php/SecureFlag

4) https://www.whitehatsec.com/blog/session-cookie-httponly-flag-java/

I have also tried this code, placed in web.xml:

```xml
<session-config>
    <session-timeout>20</session-timeout>
    <cookie-config>
        <secure>true</secure>
    </cookie-config>
</session-config>
```

but it's not working.

I have tried using Java:

```java
// Cookie holding the current time in milliseconds, marked Secure
Cookie cookie = new Cookie("timestamp", Long.toString(new Date().getTime()));
cookie.setSecure(true);
```

I placed the above code in an Interceptor, but this is also not working.

I check in my browser's resources whether my flag is set to secure or not, but none of the ways is working. Please tell me where I am going wrong.

Rucha
  • What is *"When I see in my browser/resources ito check whether my flag is set to secure or not"* supposed to mean? Could you please translate your entire question into English? – specializt Jun 14 '16 at 10:19
  • unexpected from stackoverflow people – Rucha Jun 14 '16 at 13:16

0 Answers
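For reference, a programmatic way to set the two cookie flags discussed in the question, as an added example that is not part of the original post. It assumes a Servlet 3.0+ container, the `javax.servlet` API and Spring 3.1 to 5.x; the class names are hypothetical, and the interceptor still has to be registered in the MVC configuration.

```java
import javax.servlet.ServletContext;
import javax.servlet.SessionCookieConfig;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.web.WebApplicationInitializer;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

// Hypothetical class name. Spring invokes onStartup() while the container
// is still starting, which is the only time the session cookie
// configuration may be changed.
public class SecureCookieInitializer implements WebApplicationInitializer {
    @Override
    public void onStartup(ServletContext servletContext) {
        // Programmatic equivalent of <cookie-config> in web.xml:
        // applies to the session cookie (JSESSIONID).
        SessionCookieConfig config = servletContext.getSessionCookieConfig();
        config.setSecure(true);
        config.setHttpOnly(true);
    }
}

// Hypothetical interceptor that issues the "timestamp" cookie from the question.
class TimestampCookieInterceptor extends HandlerInterceptorAdapter {
    @Override
    public boolean preHandle(HttpServletRequest request,
                             HttpServletResponse response,
                             Object handler) {
        Cookie cookie = new Cookie("timestamp",
                Long.toString(System.currentTimeMillis()));
        cookie.setSecure(true);    // browser returns it on HTTPS requests only
        cookie.setHttpOnly(true);  // not readable from page scripts
        cookie.setPath("/");
        // Without this call no Set-Cookie header is written at all,
        // so the cookie never reaches the browser.
        response.addCookie(cookie);
        return true;               // continue with the handler chain
    }
}
```

The result can be checked in the response's `Set-Cookie` headers, which should carry the `Secure` and `HttpOnly` attributes.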