How to make JSESSIONID and other cookie secure?

Asked Jan 05 '18 at 05:48

Active Jan 05 '18 at 13:56

Viewed 136 times

I used the below code in WEB-INF/web.xml but JSESSIONIDcookie is still not secure. I am doing something wrong because in my application we are using Spring 3.x for session management. Any advise or guidance would be greatly appreciated.

<session-config>
    <cookie-config>  
        <http-only>true</http-only>
        <secure>true</secure>
    </cookie-config>
</session-config>

edited Jan 05 '18 at 13:56

asked Jan 05 '18 at 05:48

MostlyJava

See https://stackoverflow.com/questions/14989396/forcing-tomcat-to-use-secure-jsessionid-cookie-over-http and https://stackoverflow.com/questions/44553017/setting-httponly-and-secure-in-web-xml. – dur Jan 05 '18 at 13:44
1

it's working, thanks – MostlyJava Jan 13 '18 at 10:34

How to make JSESSIONID and other cookie secure?

0 Answers0