<session-config>
    <cookie-config>
        <http-only>true</http-only>
        <secure>true</secure>
    </cookie-config>
</session-config>

Restart the server.

On 31/12/20, 3:50 pm, "Amit Khosla" <amitkhosla.j...@gmail.com> wrote:

    Hi Team,

    As we are looking forward for JSESSIONID to be secure.

    We made changes in web.xml in tomcat/conf

       <session-config>
          <cookie-config>
             <http-only>true</http-only>
             <secure>true</secure>
          </cookie-config>
       </session-config>

    But even after the changes, we are not able to get the JSESSIONID cookie as
    secure.

    We also tried changes in web.xml of our application, i.e.,
    tomcat/webapps/our_app/WEB-INF/web.xml; but still we are not getting it
    secure.

    Tomcat version we are using is 8.5.53.

    We are getting the same issue on Windows as well as Linux machines.

    Can you please guide us what can be done as this is required as per
    security compliance?

    Thanks & Regards

    Amit
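
To check whether the `<cookie-config>` change above actually took effect, look at the `Set-Cookie` header the server returns for JSESSIONID after the restart. The following is an added example, not part of the thread or of Tomcat: the function names are hypothetical and both sample responses are constructed, not captured from a real server.

```python
# Constructed sample response headers (not captured from a real server).
SAMPLE_BEFORE = (
    "HTTP/1.1 200 \r\n"
    "Set-Cookie: JSESSIONID=0123456789ABCDEF; Path=/our_app\r\n"
    "Content-Type: text/html\r\n\r\n"
)
SAMPLE_AFTER = (
    "HTTP/1.1 200 \r\n"
    "Set-Cookie: theme=dark; Path=/secure\r\n"
    "Set-Cookie: JSESSIONID=0123456789ABCDEF; Path=/our_app; secure; HttpOnly\r\n"
    "\r\n"
)

# The two attributes that <secure> and <http-only> in <cookie-config> ask for.
REQUIRED = ("secure", "httponly")


def cookie_flags(raw_headers, cookie_name="JSESSIONID"):
    """Return {flag: present} for the named cookie, or None if it is never set."""
    for line in raw_headers.splitlines()[1:]:      # skip the status line
        if not line:
            break                                   # blank line ends the headers
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        if parts[0].partition("=")[0].strip() != cookie_name:
            continue                                # a different cookie
        # Attribute names are case-insensitive. Compare names only, so a
        # value such as Path=/secure is not mistaken for the Secure flag.
        attrs = {p.partition("=")[0].strip().lower() for p in parts[1:]}
        return {flag: flag in attrs for flag in REQUIRED}
    return None


def missing_flags(raw_headers, cookie_name="JSESSIONID"):
    """List the required flags the cookie lacks; None if the cookie is absent."""
    flags = cookie_flags(raw_headers, cookie_name)
    if flags is None:
        return None
    return [flag for flag in REQUIRED if not flags[flag]]


if __name__ == "__main__":
    print("before:", missing_flags(SAMPLE_BEFORE))
    print("after: ", missing_flags(SAMPLE_AFTER))
```

Feed it the raw response headers saved from a request that creates a new session; an empty list means both flags are present on the cookie.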
