Hi all,

I need help regarding when and under what conditions Jetty sets the secure/httpOnly flag when sending a response back to the client. I posted an earlier e-mail but still have not received any response yet. I would appreciate it if someone could point me to a resource that might help to clarify this to me. I have looked at the Jetty classes that handle session management, and it seems to me that we are setting the flags correctly, but Jetty is only sending the secure/httpOnly flags on some responses but not on all of them. I would appreciate it if someone could explain to me why that is the case.

Thanks,
Ike

From: Ike Ikonne/Dallas/IBM@IBMUS
To: [email protected],
Date: 03/06/2013 09:07 AM
Subject: [jetty-users] Need help with how Jetty handles Secure cookies for webapps
Sent by: [email protected]

Hi all,

I sent this before, but got no response, so I am resending ...

I have an embedded Jetty that serves primarily dynamic content via JSF pages. This application uses SSL for all requests. We have put code in place to tell Jetty to always set the HttpOnly and Secure cookie options, but it appears that it does this only on some requests. What must I do to tell Jetty to always set these flags in all responses back to the client?

Here is my code snippet:

    // hl is the handler reference from the surrounding code (not shown)
    WebAppContext wc = (WebAppContext)hl;
    SessionHandler sh = wc.getSessionHandler();
    SessionManager sm = null;
    if (sh != null)
        sm = sh.getSessionManager();
    if (sm != null && sm instanceof AbstractSessionManager)
    {
        AbstractSessionManager asm = (AbstractSessionManager)sm;
        // mark the session cookie HttpOnly and Secure
        asm.setHttpOnly(true);
        asm.setSecureCookies(true);
        // disable the session id path parameter (URL rewriting)
        asm.setSessionIdPathParameterName(null);
    }

Thanks,
Ike
_________________________________________________________
jetty-users mailing list
[email protected]
https://dev.eclipse.org/mailman/listinfo/jetty-users
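
One way to narrow down the symptom described above, as an added example that is not part of the original e-mail or of Jetty: audit captured response headers per cookie, so that a response that sets no cookie at all is told apart from one that sets a cookie without Secure or HttpOnly. The request paths, the `theme` cookie and the header blocks are constructed sample data.

```python
# Added example: audit captured response headers for cookies that lack
# the Secure or HttpOnly attribute. All sample data below is constructed.

REQUIRED = ("secure", "httponly")


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, set of lowercase attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit(responses):
    """Return (path, cookie_name, missing_attrs) for every non-compliant cookie.

    `responses` is an iterable of (request_path, raw_header_block) pairs.
    """
    findings = []
    for path, block in responses:
        for line in block.splitlines():
            # Header names are case-insensitive; split only at the first colon
            field, sep, value = line.partition(":")
            if not sep or field.strip().lower() != "set-cookie":
                continue
            name, attrs = parse_set_cookie(value)
            missing = tuple(a for a in REQUIRED if a not in attrs)
            if missing:
                findings.append((path, name, missing))
    return findings


# Constructed sample: header blocks as they might be captured with a proxy
# or `curl -i`; the paths and the "theme" cookie are hypothetical.
SAMPLE = [
    ("/login.jsf", "HTTP/1.1 200 OK\r\n"
                   "Set-Cookie: JSESSIONID=abc123; Path=/; Secure; HttpOnly\r\n"
                   "Content-Type: text/html\r\n"),
    ("/prefs.jsf", "HTTP/1.1 200 OK\r\n"
                   "Set-Cookie: theme=dark; Path=/\r\n"
                   "set-cookie: JSESSIONID=def456;Path=/;secure\r\n"),
    ("/static/app.css", "HTTP/1.1 200 OK\r\nContent-Type: text/css\r\n"),
]

if __name__ == "__main__":
    for path, name, missing in audit(SAMPLE):
        print(f"{path}: cookie {name!r} is missing {', '.join(missing)}")
```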
