Announcement Announcement Module
No announcement yet.
JsessionID Cookie Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • JsessionID Cookie

    We are using spring security 3.0.5-Release.

    I have had to create a filter to set the JSESSIONID cookie to secure when the request is secure(HTTPS) and this works when displaying the login page.

    After a successful login Spring creates a new Session and a new JSESSIONID cookie this new cookie does not have the secure flag set.
    I want to know if it is possible to set this cookie's secure attribute?

    Thank you for any feedback.

  • #2
    Did you happen to see the FAQ entry on this? In short, the JSESSIONID cookie is created by the container (i.e. Tomcat) so you must consult the containers documentation on how to change this. Typically the cookie will be secure if you were using https when the session was created.