Antonio Sanso created FELIX-5099: ------------------------------------ Summary: JSESSIONID Cookie in HTTPS Session Without 'Secure' and ‘HttpOnly’ Attributes Key: FELIX-5099 URL: https://issues.apache.org/jira/browse/FELIX-5099 Project: Felix Issue Type: Bug Components: HTTP Service Reporter: Antonio Sanso
The session Cookie JSESSIONID has not the attributes HttpOnly and Secure; There is already a pull request to address the HttpOnly case in https://github.com/apache/felix/pull/12/files Same approach can be used to address the secure flag -- This message was sent by Atlassian JIRA (v6.3.4#6332)