Missing HTTP attribute in jboss7?

I used the following steps with JBOSS5 and 6, but they are not applicable to JBOSS 7:

- change server/CONFIG/deploy/jbossweb.sar/context.xml - add <SessionCookie httpOnly="true" secure="true"> 

I found a solution for jboss7: add the http-only tag to the session configuration in web.xml

    <session-config>
        <cookie-config>
            <http-only>true</http-only>
            <secure>true</secure>
        </cookie-config>
        <tracking-mode>COOKIE</tracking-mode>
    </session-config>

So, as far as I understand, this is configured at the application level in web.xml. So, how can we make cookie protection settings for the whole JBOSS instance? It was a good idea to enable global session cookie configuration in JBOSS 5/6; is this feature missing in JBOSS 7? This question may be a repeat on StackOverflow, but I could not correctly understand those answers.

+4
1 answer

There is no need to configure this as part of some configuration file. This configuration is now part of the servlet specification, which means that it can be configured as part of web.xml:

    <session-config>
        <cookie-config>
            <http-only>true</http-only>
        </cookie-config>
    </session-config>

Just make sure you are using the 3.0 xsd version of web.xml.

+2
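
A check that fits the answer above, added here as an example and not part of the original question or answer: a Python script that parses a web.xml and reports whether the descriptor version and the `<cookie-config>` flags are set as described. The function name `audit_web_xml` and the sample descriptor are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a 3.0 descriptor that sets <http-only> but omits <secure>.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <session-config>
    <cookie-config>
      <http-only>true</http-only>
    </cookie-config>
    <tracking-mode>COOKIE</tracking-mode>
  </session-config>
</web-app>"""

def _local(tag):
    # Drop the "{namespace}" prefix so the check works with any schema namespace.
    return tag.rsplit("}", 1)[-1]

def audit_web_xml(xml_text):
    """Return a list of findings about session-cookie settings in a web.xml.

    Hypothetical helper; meant for your own deployment descriptors.
    """
    root = ET.fromstring(xml_text)
    findings = []
    # <cookie-config> only exists from the 3.0 descriptor schema onward.
    version = root.get("version", "")
    try:
        if float(version) < 3.0:
            findings.append("web-app version %s predates Servlet 3.0" % version)
    except ValueError:
        findings.append("web-app version attribute missing or not numeric")
    flags, modes = {}, []
    for session in (e for e in root.iter() if _local(e.tag) == "session-config"):
        for child in session:
            if _local(child.tag) == "cookie-config":
                for opt in child:
                    flags[_local(opt.tag)] = (opt.text or "").strip().lower()
            elif _local(child.tag) == "tracking-mode":
                modes.append((child.text or "").strip().upper())
    for name in ("http-only", "secure"):
        if flags.get(name) != "true":
            findings.append("<%s> is not set to true" % name)
    if "URL" in modes:
        findings.append("tracking-mode URL puts the session id in links")
    return findings

if __name__ == "__main__":
    print(audit_web_xml(SAMPLE_WEB_XML))
```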