Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[jetty-users] Need help with how Jetty handles Secure cookies for webapps

Hi all,

I sent this before, but got no response,  so I am resending ...

I have an embedded Jetty that serves primarily dynamic content via

jsf pages.  This application uses SSL for all requests, we have put code

to tell Jetty to always set the HttpOnly and Secure cookie option, but

it appears that it does this only on some requests, what must I do to

tell Jetty to always set these flags in all responses back to the client


Here is my code snippet:


WebAppContext wc = (WebAppContext)hl;

SessionHandler sh = wc.getSessionHandler();

SessionManager sm = null;

if (sh != null) sm = sh.getSessionManager();

if (sm != null && sm instanceof AbstractSessionManager) {

       AbstractSessionManager asm = (AbstractSessionManager)sm;

       asm.setHttpOnly(true);

       asm.setSecureCookies(true);

       asm.setSessionIdPathParameterName(null);

}


Thanks,


Ike
__________

Back to the top