5

This is a different question related to securing JSESSIONID cookie in tomcat 7.

I am using a cloud server where we don't have access to tomcat server.xml but can set environment variables and tomcat system variables.

I need to change below setting:

   <Connector port=" ...  />

And add secure="true" attribute using environment properties only. Is there any tomcat environment which I can set? For example we have a tomcat environment variable:

  `logging.dir=/logs/tomcatlogs`

I am using dynamic web module version 2.4 and java 7.

Amit Mahajan
  • What is cloud server? Ask your admin to configure tomcat for you. This question is not related to jsessionid or cookie (in question title). You are asking "how to change server.xml if you don't have access to it". – Anton Aug 11 '17 at 21:02
  • Hi @Anton, I need to configure the settings at my level if possible before reaching out to admin. Configuring it through properties seems to be a cleaner approach and I do not need to directly affect all the applications in same tomcat. I hope the question is clear. – Amit Mahajan Aug 14 '17 at 19:00
  • Have you seen this: https://stackoverflow.com/a/33461/4823977 – Hash Aug 17 '17 at 14:32
  • I will check this approach and let you know if it works – Amit Mahajan Aug 17 '17 at 15:51
  • I checked the above approach but it did not seem to work; I still see the jsessionid cookie as not secured. Is it mandatory to have https connection for jsessionid cookie to be secured? – Amit Mahajan Aug 22 '17 at 16:01
  • I finally found a working solution as per Mark's comment, but it required upgrading to Web 3.1 standard. Following settings in Web.xml did the trick: truetrue – Amit Mahajan Aug 24 '17 at 15:30

1 Answer

4

Unfortunately (for your purposes) this setting is per connector, and will affect all applications on that connector. There is no way to set this except at the connector level.

If you truly want to affect only some applications deployed to the server, you could ask the server admins to define a new connector (would require a different port) and just set that one, but that still requires admin intervention, which it sounds like you were trying to avoid.

Daniel
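
A check for the cookie flags discussed in this thread, as an added example that is not part of the original question or answer: it parses `Set-Cookie` header values and reports which of `Secure` and `HttpOnly` are missing from `JSESSIONID`. The header strings and function names are constructed for illustration; attribute names are matched exactly, so a path such as `/secure-app` is not mistaken for the `Secure` flag.

```python
# Added example: audit Set-Cookie headers for the session cookie's flags.
# Function names and sample headers are assumptions, not from the thread.

REQUIRED_FLAGS = ("Secure", "HttpOnly")


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue  # tolerate a trailing ';'
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive (RFC 6265).
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit_session_cookie(set_cookie_headers, cookie_name="JSESSIONID"):
    """Return one list of missing flags per occurrence of the session cookie.

    An empty outer list means the response did not set the cookie at all.
    """
    results = []
    for header in set_cookie_headers:
        name, _, attrs = parse_set_cookie(header)
        if name != cookie_name:
            continue
        results.append([f for f in REQUIRED_FLAGS if f.lower() not in attrs])
    return results


# Constructed sample headers (not captured from a real server).
WEAK = "JSESSIONID=0123456789ABCDEF; Path=/secure-app; HttpOnly"
HARDENED = "JSESSIONID=0123456789ABCDEF; Path=/app; secure; HTTPONLY"
OTHER = "theme=dark; Path=/"

if __name__ == "__main__":
    for label, headers in (("weak", [OTHER, WEAK]), ("hardened", [HARDENED])):
        print(label, audit_session_cookie(headers))
```
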