Hi, We are still facing this issue. Can someone please help us?
Thanks & Regards Amit On Fri, Jan 1, 2021 at 8:22 PM Amit Khosla <amitkhosla.j...@gmail.com> wrote: > Thanks for reply! > > We did changes in <CATALINA_HOME>/conf/web.xml. > But when the changes did not reflect, we made changes in specific app as > well. But we could not see the cookie as secure. > > We verified by the response headers seen in chrome developer tool. The > cookie JSESSIONID does not have a secure flag. > > By the way, Happy New Year! > > On Thu, Dec 31, 2020 at 5:01 PM Darryl Lewis <darryl.le...@unsw.edu.au> > wrote: > >> >> Did you make the changes to <CATALINA_HOME>/conf/web.xml ? It seems you >> may have made them just to that specific our_app application >> >> Are you sure you are testing it correctly? >> Can you try https://gf.dev/http-headers-test >> >> >> On 31/12/20, 8:29 pm, "Amit Khosla" <amitkhosla.j...@gmail.com> wrote: >> >> Thanks for reply, >> we did restarted server while trying. The issue is still there even >> after >> restart. >> >> On Thu, Dec 31, 2020 at 11:14 AM Darryl Lewis < >> darryl.le...@unsw.edu.au> >> wrote: >> >> > <session-config> >> > <cookie-config> >> > <http-only>true</http-only> >> > <secure>true</secure> >> > </cookie-config> >> > </session-config> >> > >> > Restart the server. >> > >> > On 31/12/20, 3:50 pm, "Amit Khosla" <amitkhosla.j...@gmail.com> >> wrote: >> > >> > Hi Team, >> > >> > >> > >> > As we are looking forward for JSESSIONID to be secure. >> > >> > >> > >> > We made changes in web.xml in tomcat/conf >> > >> > <session-config> >> > >> > <cookie-config> >> > >> > <http-only>true</http-only> >> > >> > <secure>true</secure> >> > >> > </cookie-config> >> > >> > </session-config> >> > >> > >> > >> > But even after the changes, we are not able to get the >> JSESSIONID >> > cookie as >> > secure. >> > >> > We also tried changes in web.xml of our application, i.e, >> > tomcat/webapps/our_app/WEB-INF/web.xml; but still we are not >> getting it >> > secure. >> > >> > >> > >> > Tomcat version we are using is 8.5.53. >> > >> > We are getting same issue on windows as well as linux machine. >> > >> > >> > >> > Can you please guide us what can be done as this is required as >> per >> > security compliance? >> > >> > >> > >> > Thanks & Regards >> > >> > Amit >> > >> > >> >> -- >> Thanks & Regards >> Amit Khosla >> >> > > -- > Thanks & Regards > Amit Khosla > -- Thanks & Regards Amit Khosla Ph: 9911797132
