2 Replies Latest reply: Feb 23, 2012 6:23 AM by Alastair Rodgers

How to set HttpOnly and Secure flag in cookies - JBoss 5.1.0

Mike Wigge Newbie

Hello!

I have to set the HttpOnly and the Secure flag in cookies.

There are some manuals on how to set HttpOnly:

"In Tomcat 6 flag useHttpOnly=True in context.xml to force this behaviour for applications, including Tomcat-based frameworks like JBoss."

The context.xml can be found in jboss/server/<myserver>/deploy/jbossweb.sar/context.xml

Now it looks like this:

<!-- The contents of this file will be loaded for each web application -->
<Context cookies="true" crossContext="true" useHttpOnly="true">
   <!-- Session persistence is disabled by default. To enable for all web
   apps set the pathname to a non-empty value:
   <Manager pathname="SESSIONS.ser" />

   To enable session persistence for a single web app, add a
   WEB-INF/context.xml
   -->
   <Manager pathname="" />

   <!-- Install an InstanceListener to handle the establishment of the run-as
   role for servlet init/destroy events.
   -->
   <InstanceListener>org.jboss.web.tomcat.security.RunAsListener</InstanceListener>

</Context>

Regrettably, it doesn't work.

I wasn't able to find a manual on how to set the Secure flag, either.

Can anyone help me?

Thanks in advance.
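
A way to confirm whether the flags actually reach the browser, as an added example that is not part of the original post: the script parses `Set-Cookie` response header lines (for instance saved from `curl -sI` output) and lists the flags each cookie lacks. The sample headers, cookie values and the `/myapp` path are constructed for illustration.

```python
"""Audit Set-Cookie response headers for the HttpOnly and Secure attributes."""

# Constructed sample response headers (not captured from a real server).
SAMPLE_HEADERS = [
    "Set-Cookie: JSESSIONID=0A1B2C3D4E5F; Path=/myapp",
    "Set-Cookie: JSESSIONID=0A1B2C3D4E5F; Path=/myapp; HttpOnly",
    "Set-Cookie: JSESSIONID=0A1B2C3D4E5F; Path=/myapp; Secure; HttpOnly",
    "Set-Cookie: pref=secure-httponly; Path=/",  # flag words in the value only
    "Content-Type: text/html",
]

REQUIRED = ("httponly", "secure")


def parse_set_cookie(header_line):
    """Return (cookie_name, set_of_lowercased_attribute_names) or None."""
    name, sep, value = header_line.partition(":")
    if not sep or name.strip().lower() != "set-cookie":
        return None
    parts = value.split(";")
    cookie_name = parts[0].split("=", 1)[0].strip()
    # Attributes follow the first ';'. Their names are case-insensitive, and
    # HttpOnly/Secure carry no value, so keep only the text before any '='.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p.strip()}
    return cookie_name, attrs


def audit(header_lines):
    """Return a list of (cookie_name, missing_flags), one per Set-Cookie line."""
    findings = []
    for line in header_lines:
        parsed = parse_set_cookie(line)
        if parsed is None:
            continue  # not a Set-Cookie header
        cookie_name, attrs = parsed
        missing = [flag for flag in REQUIRED if flag not in attrs]
        findings.append((cookie_name, missing))
    return findings


if __name__ == "__main__":
    for cookie_name, missing in audit(SAMPLE_HEADERS):
        status = "OK" if not missing else "missing " + ", ".join(missing)
        print(f"{cookie_name}: {status}")
```

Matching on attribute names rather than searching the whole header avoids a false pass when the words "secure" or "httponly" only appear inside the cookie value.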