[jetty-users] How to force Jetty to set secure Cookie option

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[jetty-users] How to force Jetty to set secure Cookie option

From: Ike Ikonne <iikonne@xxxxxxxxxx>
Date: Tue, 5 Mar 2013 13:02:05 -0600
Delivered-to: jetty-users@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/jetty-users>
List-help: <mailto:jetty-users-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=unsubscribe>

Hi all,

I have an embedded Jetty that serves primarily dynamic content via
jsf pages. This application uses SSL for all requests, we have put code
to tell Jetty to always set the HttpOnly and Secure cookie option, but
it appears that it does this only on some requests, what must I do to
tell Jetty to always set these flags in all responses back to the client

Here is my code snippet:

WebAppContext wc = (WebAppContext)hl;
SessionHandler sh = wc.getSessionHandler();
SessionManager sm = null;
if (sh != null) sm = sh.getSessionManager();
if (sm != null && sm instanceof AbstractSessionManager) {
AbstractSessionManager asm = (AbstractSessionManager)sm;
asm.setHttpOnly(true);
asm.setSecureCookies(true);
asm.setSessionIdPathParameterName(null);
}

Thanks,

Ike

Prev by Date: [jetty-users] Cookie values being quoted even if URL-Encoded
Next by Date: Re: [jetty-users] Jetty 9 and WebSocket
Previous by thread: [jetty-users] Cookie values being quoted even if URL-Encoded
Next by thread: [jetty-users] Need help with how Jetty handles Secure cookies for webapps
Index(es):
- Date
- Thread

Breadcrumbs