Hi Grzegorz ,
First off, thank you so much for the Pax Web 8 effort. It really helps to
have a proper implementation of the OSGi R6/7 http and whiteboard service
specs.
Quick question - are the <session-config> and <cookie-config> elements in
web deployment descriptors supported now? I found a note they weren't in
Pax Web 4, but a lot must have changed since. These elements seem to be
ignored in our app.
Related, I cannot seem to get the session cookie to be configured with the
Secure flag via the org.ops4j.pax.web.cfg file in Karaf 4.4.4.
Setting org.ops4j.pax.web.session.cookie.secure = true has no effect if the
connector used is http (non-secure).
In my mind, if org.ops4j.pax.web.session.cookie.secure is set, the flag
should be set in the cookie header, no matter the connector/transport. We
offload TLS at the load balancer, and this use case is rather common.
I had to use the jetty-web.xml to set the session cookie config secure
flag to true to work around it.
<Get name="sessionHandler">
<Get name="sessionCookieConfig">
<Set name="secure" type="boolean">true</Set>
</Get>
</Get>
But something is still off, because when I get the SessionConfig via the
ServletContext, the getSessionCookieConfig().isSecure() returns false.
Before I spend any more time on it, please let me know if there is
something significant that I must be missing.
Thanks,
Ivaylo
--
--
------------------
OPS4J - http://www.ops4j.org - ops4j@googlegroups.com
---
You received this message because you are subscribed to the Google Groups
"OPS4J" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ops4j+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ops4j/2a45d4a7-d109-43b8-9b3b-416b736f8331n%40googlegroups.com.
