[ https://issues.apache.org/jira/browse/GEODE-7438?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16972855#comment-16972855 ]
Charles Smiht commented on GEODE-7438: -------------------------------------- I realized as I was fixing the integration tests I had broken that SessionCookieConfig is a Servlet 3.0 feature. Since Servlet 2.4 is pretty old at this point would bumping Geode's AppServer support to Servlet 3.0 spec be a consideration? > Session cookie set does not reflect the context's SessionCookieConfig > --------------------------------------------------------------------- > > Key: GEODE-7438 > URL: https://issues.apache.org/jira/browse/GEODE-7438 > Project: Geode > Issue Type: Bug > Components: http session > Reporter: Charles Smiht > Priority: Major > Time Spent: 10m > Remaining Estimate: 0h > > The session cookie set and used by the HTTP Session module for AppServers > should honor the httponly and secure settings of the ServetContext's > SessionCookieConfig. > Currently the cookie created in the SessionCachingFilter.addSessionCookie > method does not use any settings from the SessionCookieConfig but it could > easily do so. -- This message was sent by Atlassian Jira (v8.3.4#803005)