[jetty-users] Need help with how Jetty handles Secure cookies for webapps

Ike Ikonne Wed, 06 Mar 2013 07:04:26 -0800

Hi all, 

I sent this before, but got no response,  so I am resending ...


I have an embedded Jetty that serves primarily dynamic content via 
jsf pages.  This application uses SSL for all requests, we have put code 
to tell Jetty to always set the HttpOnly and Secure cookie option, but 
it appears that it does this only on some requests, what must I do to 
tell Jetty to always set these flags in all responses back to the client 

Here is my code snippet: 

WebAppContext wc = (WebAppContext)hl; 
SessionHandler sh = wc.getSessionHandler(); 
SessionManager sm = null; 
if (sh != null) sm = sh.getSessionManager(); 
if (sm != null && sm instanceof AbstractSessionManager) { 
        AbstractSessionManager asm = (AbstractSessionManager)sm; 
        asm.setHttpOnly(true); 
        asm.setSecureCookies(true); 
        asm.setSessionIdPathParameterName(null); 
} 

Thanks, 

Ike __________

_______________________________________________
jetty-users mailing list
[email protected]
https://dev.eclipse.org/mailman/listinfo/jetty-users

[jetty-users] Need help with how Jetty handles Secure cookies for webapps

Reply via email to