[jetty-users] How to httpOnly and secureCookie cookie flags
Hi all!

I'm trying to set cookies created by Jetty to be secure and httpOnly in
Jetty 6.1.26. So far I've found that
org.mortbay.jetty.servlet.HashSessionManager (which seems to be default
session manager) has setHttpOnly and setSecureCookies methods. However,
calling those ones from context configuration, or from jetty-web.xml in
my web app seems to have no effect - Firefox Web Developer plugin
cookies tab still says something like:
Name JSESSIONID
Value 4cq07v2wmoia16fvrd8k026vg
Host localhost
Path /myapp
Secure No
Expires At End Of Session
Here is part of web app's WEB-INF/jetty-web.xml (excluding doctype and
xml tag) I use:
<Configure class="org.mortbay.jetty.webapp.WebAppContext">
  <Get name="sessionHandler">
    <Get name="sessionManager">
      <Set name="httpOnly">True</Set>
      <Set name="secureCookies">True</Set>
    </Get>
  </Get>
</Configure>
Using <Call name="setHttpOnly"><Arg type="boolean">True</Arg></Call>
seems to have no effect as well.
So, what am I doing wrong, and how should I set those attributes (and am
I setting them in the right place)?
Thanks in advance!
Alex-