Thanks for your help/diagnosis yesterday, gentlemen. It looks like I'll need to go with Jan's original suggestion of the session-config/cookie-config web.xml settings.
I googled but can't find an obvious answer: can I deploy a servlet=3.0 web.xml into a jetty 6.1.22 container to use the <session-config> syntax? I just tried it on a test server and it *appeared* to load the WAR okay, but wanted to ask the experts before I assumed that was a viable option. Thanks again for all the help, Tom On Thu, Feb 13, 2014 at 6:49 PM, Joakim Erdfelt <[email protected]> wrote: > Jetty 8.x is Servlet 3.0, its easier to use the standard location in the > WEB-INF/web.xml of your webapp. > > <session-config> > <cookie-config> > <secure>true</secure> > </cookie-config> > </session-config> > > > -- > Joakim Erdfelt <[email protected]> > webtide.com <http://www.webtide.com/> - intalio.com/jetty > Expert advice, services and support from from the Jetty & CometD experts > eclipse.org/jetty - cometd.org > > > On Thu, Feb 13, 2014 at 4:37 PM, Tom Vaughan <[email protected]>wrote: > >> Hi - >> >> I'm upgrading from jetty 6.1.22 to 8.1.8 and I've notice that the >> configuration for setting cookies to be secure has moved under a layer of >> indirection. I'm having trouble configuring it and I'm hoping someone on >> this list can clue me in to what I'm doing wrong. >> >> Basically, in 6.1.22 I could do this: >> >> <Get name="sessionHandler"> >> <Get name="sessionManager"> >> <Set name="secureCookies">true</Set> >> </Get> >> </Get> >> >> In 8.1.8 it looks like the code path should be: >> >> >> WebAppContext.getSessionHandler().getSessionManager().getSessionCookieConfig().setSecure(true); >> >> Seems straight forward enough. >> >> So here's my new context configuration: >> >> <Configure class="org.eclipse.jetty.webapp.WebAppContext"> >> <Get name="sessionHandler"> >> <Get name="sessionManager"> >> <Get name="sessionCookieConfig"> >> <Set name="secure" type="boolean">true</Set> >> </Get> >> </Get> >> </Get> >> >> But when I start jetty, the context dies with this error in the logs: >> oejx.XmlConfiguration:Config error at true >> java.lang.NoSuchMethodException: class >> org.eclipse.jetty.server.session.AbstractSessionManager$2.setSecure(boolean) >> >> >> Why is it trying to call setSecure on the sessionManager instead of the >> sessionManager's sessionCookieConfig? >> >> Any thoughts? >> >> Thanks in advance! >> Tom >> >> >> P.S. this is an x-post of a stack overflow question, so if you want some >> karma, you can answer over there: >> http://stackoverflow.com/questions/21763824/setting-secure-cookies-on-jetty-6-8-upgrade >> >> _______________________________________________ >> jetty-users mailing list >> [email protected] >> https://dev.eclipse.org/mailman/listinfo/jetty-users >> >> > > _______________________________________________ > jetty-users mailing list > [email protected] > https://dev.eclipse.org/mailman/listinfo/jetty-users > >
_______________________________________________ jetty-users mailing list [email protected] https://dev.eclipse.org/mailman/listinfo/jetty-users
