,
But we are creating no cookies by our own. Our requirement is to just
secure the Apache OR Resin created Cookies for session management.
So we created a generic filter for that.
Regards,
Abhinav
[Resin-interest] Cookie security over SSL (https) connections
http://maillist.caucho.com
://maillist.caucho.com/pipermail/resin-interest/2009-September/004027.html
[Resin-interest] Cookie security over SSL (https) connections *Jeff
Schnitzer* jeff at infohazard.org
resin-interest%40caucho.com?Subject=%5BResin-interest%5D%20Cookie%20security%20over%20SSL%20%28https%29%20connectionsIn-Reply
Hi!
Have you tried using ssl-session-cookie configuration?
Here's the documentation:
http://caucho.com/resin-3.1/doc/cluster-tags.xtp#ssl-session-cookie
Cheers,
Kai
2009/9/9 Abhinav Gupta abhi...@appirio.com:
Hi All,
This problem is regarding cookie security over SSL(https). We are
Hi All,
This problem is regarding cookie security over SSL(https). We are running a
J2EE webapplication, our motive is to get the cookie's isSecure flag set
to true. We tried researching around the resin config settings for this but
no luck. Details of the approach we tried and the issue faced
Why aren't you creating the cookies with setSecure(true) in the first place?
If you have tons of legacy code that sets cookies, why not create a
Filter that wraps HttpServletResponse (there is a convenient
HttpServletResponseWrapper for this), intercepts the addCookie()
method calls, and calls