How to activate secure cookies in Wildfly?

Question

How to activate secure cookies in Wildfly?

I am trying to add a secure flag to my cookies for a web application in Wildfly (version 8.2). In the servlet container settings documentation page, you will find that the children from the "servlet container":

Jsp
persistent-sessions
cookie session
Websockets

However, I only have jsp and websockets. How to access session cookie settings? If I can’t, how do I add a security flag to my cookies?

UPDATE : I cannot access web.xml files inside wars, only wildfly configuration files.

+6

java cookies servlets wildfly wildfly-8

gurghet Jul 01 '15 at 13:58

source share

3 answers

You can easily configure the safe flag and the http-only security flag by adding the following to your web.xml.

  <session-config> <cookie-config> <http-only>true</http-only> <secure>true</secure> </cookie-config> </session-config>

+3

Scott Bennett-McLeish Jul 01 '15 at 14:26

source share

After adding the session cookie below to standalone.xml, I get a Session Error popup when I access the application.

 <servlet-container name="default"> <session-cookie http-only="true" secure="true"/> <jsp-config/> </servlet-container>

How to prevent a Session Error popup.

0

user8529233 Aug 28 '17 at 20:06

source share

Federico sierra · Accepted Answer · 2015-07-01T17:00:55+0000

Try the following command via jboss-cli:

/subsystem=undertow/servlet-container=default/setting=session-cookie:add(http-only=true,secure=true)

or in your standalone.xml:

 <servlet-container name="default"> <session-cookie http-only="true" secure="true"/> <jsp-config/> </servlet-container>

ref: http://wildscribe.imtqy.com/Wildfly/8.2.0.Final/subsystem/undertow/servlet-container/setting/session-cookie/index.html

How to activate secure cookies in Wildfly?

More articles: