In my shiro.ini I have set securityManager.sessionManager.sessionIdCookie.secure = true
but when I inspect the cookie in Chrome, there is no checkmark under the Secure column (it's present for HttpOnly, as expected given Shiro's default for SimpleCookie). I am serving the web app over SSL with a self-signed cert during development. Is the self-signing a problem? Is there a way to programmatically check that the Secure attribute is being honored? Or am I concerned over nothing? Thanks, Andrew PS -- apologies if this message is duplicated; Nabble issues. -- View this message in context: http://shiro-user.582556.n2.nabble.com/Secure-attribute-of-session-ID-cookie-tp7578632.html Sent from the Shiro User mailing list archive at Nabble.com.
