Set "secure" flag on the JSESSIONID cookie

I want to set the "secure" flag on the JSESSIONID cookie. Is there any configuration in Tomcat 6 for this?

I tried setting secure="true" on the Connector (8080) element of server.xml, but it creates problems ... the connection gets reset.

Please note that in my application the JSESSIONID is created in "http" mode (index page); when the user logs in, he switches to "https" mode.

+2
2 answers

If you are using Tomcat 6, you can use the following workaround:

// In a servlet or filter, after the session exists and before the response is committed.
String sessionid = request.getSession().getId();
// Overwrite the container's session cookie with one that carries both flags.
response.setHeader("Set-Cookie", "JSESSIONID=" + sessionid + "; Secure; HttpOnly");

See https://www.owasp.org/index.php/HttpOnly

+3
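The answer above re-issues the cookie by hand. As an added example (not code from the original answer or from Tomcat), here is the same idea packaged as a servlet filter against the Servlet 2.5 API that Tomcat 6 implements, where `Cookie` has no `setHttpOnly()`. It deals with two points a practitioner hits when applying the workaround to the questioner's http-then-https flow: `Secure` is added only once the request actually arrives over https (a `Secure` cookie issued on an http page is never sent back over http, so the session would appear to vanish on the next plain request), and the cookie is appended with `addHeader` rather than `setHeader`, because `setHeader("Set-Cookie", ...)` discards every other cookie the application added to the same response. The class name and the session attribute used as a marker are assumptions of this example.

```java
import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Re-issues the JSESSIONID cookie with HttpOnly, and with Secure once the
 * request arrives over https. Added example written against Servlet 2.5
 * (Tomcat 6); not part of the original answers.
 */
public class SessionCookieFlagsFilter implements Filter {

    // Marker stored in the session so the Secure cookie is re-issued once per
    // session, not on every https response. The attribute name is our own choice.
    private static final String SECURE_ISSUED = "SessionCookieFlagsFilter.secureIssued";

    public void init(FilterConfig config) {
    }

    public void destroy() {
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Let the application run first: the index page may create the session here.
        chain.doFilter(request, response);

        HttpSession session = request.getSession(false);
        if (session == null || response.isCommitted()) {
            // No session to re-issue, or the headers are already on the wire
            // (for example the servlet flushed a large page); too late to add one.
            return;
        }

        boolean secure = request.isSecure();
        boolean reissue = session.isNew()
                || (secure && session.getAttribute(SECURE_ISSUED) == null);
        if (!reissue) {
            return;
        }

        // addHeader, not setHeader: a later Set-Cookie for the same name and path
        // supersedes the container's own cookie in the browser, while the other
        // cookies the application added to this response are left intact.
        response.addHeader("Set-Cookie",
                buildSessionCookie(session.getId(), request.getContextPath(), secure));
        if (secure) {
            session.setAttribute(SECURE_ISSUED, Boolean.TRUE);
        }
    }

    /**
     * Builds the Set-Cookie value. HttpOnly is always set; Secure only for
     * https requests, otherwise the browser would stop sending the cookie
     * on the remaining http pages.
     */
    static String buildSessionCookie(String sessionId, String contextPath, boolean secure) {
        StringBuilder sb = new StringBuilder("JSESSIONID=").append(sessionId);
        // Match the path Tomcat uses for its own session cookie: the context
        // path, or "/" for the root context, so the browser replaces it rather
        // than keeping two JSESSIONID cookies side by side.
        sb.append("; Path=").append(contextPath.length() == 0 ? "/" : contextPath);
        sb.append("; HttpOnly");
        if (secure) {
            sb.append("; Secure");
        }
        return sb.toString();
    }
}
```

Map the filter to `/*` in web.xml so it sees both the http index page and the https login request. If the login code invalidates the old session and creates a fresh one (the usual defence against session fixation when the id was first handed out over plain http), `session.isNew()` is true on that https response and the new id is issued with both flags straight away.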

Set useHttpOnly="true". In Tomcat 9 this is true.

0
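The answer above does not say where `useHttpOnly` goes. As an added example, not part of the original answer, this is the attribute on the `<Context>` element (in the web application's META-INF/context.xml, or globally in conf/context.xml). It covers only the HttpOnly flag; there is no matching `Context` attribute for Secure in Tomcat 6, which is why the question needs the re-issue workaround. The `path` value is a placeholder for this example.

```xml
<!-- META-INF/context.xml of the web application (Tomcat 6).
     Weak: Tomcat 6 issues JSESSIONID without HttpOnly by default. -->
<Context path="/myapp" />

<!-- Corrected: the session cookie is issued with the HttpOnly flag. -->
<Context path="/myapp" useHttpOnly="true" />
```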
