
set 'secure' flag to JSESSION id cookie

Developer https://www.devze.com 2023-04-07 16:06 Source: Internet

I want to set the 'secure' flag on the JSESSIONID cookie. Is there a configuration in Tomcat 6 for this?

I tried setting 'secure="true"' in the 'Connector' (8080) element of server.xml, but it creates problems... that is, the connection is getting reset.

Note that in my application, the JSESSIONID is getting created in 'http' mode (index page); when the user logs in, it will switch into 'https' mode.


If you are using Tomcat 6, you can do the following workaround:

// Re-send the current session id in a Set-Cookie header carrying the secure and HttpOnly attributes
String sessionid = request.getSession().getId();
response.setHeader("SET-COOKIE", "JSESSIONID=" + sessionid + "; secure ; HttpOnly");

See https://www.owasp.org/index.php/HttpOnly for more information.


Use the attribute useHttpOnly="true". In Tomcat 9 the default value is true.


For an nginx proxy it could be solved easily in the nginx config:

if ($scheme = http) {
    return 301 https://$http_host$request_uri;
}

proxy_cookie_path / "/; secure";
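
A check to run after applying any of the fixes above, as an added example that is not part of the original answers: it parses a response's Set-Cookie headers and reports which of the Secure and HttpOnly flags the JSESSIONID cookie is still missing. The header blocks are constructed samples (the nginx one assumes a backend that does not set HttpOnly itself), and the function names are assumptions of this example.

```python
# Added example: audit Set-Cookie headers for the session cookie's flags.
SESSION_COOKIE = "JSESSIONID"
REQUIRED = ("secure", "httponly")  # attribute names compare case-insensitively

# Constructed sample responses (not captured from a real server).
PLAIN = "HTTP/1.1 200 OK\nSet-Cookie: JSESSIONID=AAAA1111; Path=/app\nSet-Cookie: lang=en; Path=/\n"
WORKAROUND = "HTTP/1.1 200 OK\nSET-COOKIE: JSESSIONID=BBBB2222; secure ; HttpOnly\n"
NGINX = "HTTP/1.1 200 OK\nSet-Cookie: JSESSIONID=CCCC3333; Path=/; secure\n"


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, cookie_value, {attr: val})."""
    parts = [p.strip() for p in value.split(";")]
    name, _, cookie_value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:  # tolerate odd spacing such as "; secure ; HttpOnly"
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), cookie_value.strip(), attrs


def audit_response(raw_headers, cookie_name=SESSION_COOKIE):
    """Return (cookie_value, missing_flags) for each header setting cookie_name.

    raw_headers is a header block with one 'Name: value' pair per line.
    """
    findings = []
    for line in raw_headers.splitlines():
        header, sep, value = line.partition(":")
        # Header names are case-insensitive, so "SET-COOKIE" must match too.
        if not sep or header.strip().lower() != "set-cookie":
            continue
        name, cookie_value, attrs = parse_set_cookie(value)
        if name == cookie_name:
            missing = sorted(flag for flag in REQUIRED if flag not in attrs)
            findings.append((cookie_value, missing))
    return findings


if __name__ == "__main__":
    for label, raw in (("plain", PLAIN), ("workaround", WORKAROUND), ("nginx", NGINX)):
        for cookie_value, missing in audit_response(raw):
            print(label, cookie_value, "missing:", ", ".join(missing) or "none")
```
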