Tried using the below spring properties:
server.servlet.session.cookie.http-only=true
server.servlet.session.cookie.secure=true
Still not able to see secure flag in response header for Set Cookie.
Asked
Active
Viewed 420 times
3
-
Have you got your answer? – Ravi Jan 18 '23 at 05:07
-
@Ravi are you looking at the page via https? – Gabor Lengyel Jan 18 '23 at 11:35
-
@GaborLengyel, yes, I'm looking for https – Ravi Jan 18 '23 at 12:42
-
Looking for, or testing on? Many backends won't set the cookie as secure if the request was over plain http as it doesn't make sense, the backend would not receive it back anyway. – Gabor Lengyel Jan 18 '23 at 13:03
-
1@krishan If you are using an older version you have to user `server.session.cookie.secure=true` https://stackoverflow.com/a/47989710/1038268 – Raghu Molabanti Jan 24 '23 at 10:44