Re: Not able to make JSESSIONID cookie secure

Fri, 01 Jan 2021 06:53:09 -0800 

Thanks for reply!

We did changes in <CATALINA_HOME>/conf/web.xml.
But when the changes did not reflect, we made changes in specific app as
well. But we could not see the cookie as secure.

We verified by the response headers seen in chrome developer tool. The
cookie JSESSIONID does not have a secure flag.

By the way, Happy New Year!

On Thu, Dec 31, 2020 at 5:01 PM Darryl Lewis <darryl.le...@unsw.edu.au>
wrote:

>
> Did you make the changes to <CATALINA_HOME>/conf/web.xml ? It seems you
> may have made them just to that specific our_app  application
>
> Are you sure you are testing it correctly?
> Can you try https://gf.dev/http-headers-test
>
>
> On 31/12/20, 8:29 pm, "Amit Khosla" <amitkhosla.j...@gmail.com> wrote:
>
>     Thanks for reply,
>     we did restarted server while trying. The issue is still there even
> after
>     restart.
>
>     On Thu, Dec 31, 2020 at 11:14 AM Darryl Lewis <
> darryl.le...@unsw.edu.au>
>     wrote:
>
>     > <session-config>
>     >     <cookie-config>
>     >         <http-only>true</http-only>
>     >         <secure>true</secure>
>     >     </cookie-config>
>     > </session-config>
>     >
>     > Restart the server.
>     >
>     > On 31/12/20, 3:50 pm, "Amit Khosla" <amitkhosla.j...@gmail.com>
> wrote:
>     >
>     >     Hi Team,
>     >
>     >
>     >
>     >     As we are looking forward for JSESSIONID to be secure.
>     >
>     >
>     >
>     >     We made changes in web.xml in tomcat/conf
>     >
>     >        <session-config>
>     >
>     >           <cookie-config>
>     >
>     >              <http-only>true</http-only>
>     >
>     >             <secure>true</secure>
>     >
>     >           </cookie-config>
>     >
>     >        </session-config>
>     >
>     >
>     >
>     >     But even after the changes, we are not able to get the JSESSIONID
>     > cookie as
>     >     secure.
>     >
>     >     We also tried changes in web.xml of our application, i.e,
>     >     tomcat/webapps/our_app/WEB-INF/web.xml; but still we are not
> getting it
>     >     secure.
>     >
>     >
>     >
>     >     Tomcat version we are using is 8.5.53.
>     >
>     >     We are getting same issue on windows as well as linux machine.
>     >
>     >
>     >
>     >     Can you please guide us what can be done as this is required as
> per
>     >     security compliance?
>     >
>     >
>     >
>     >     Thanks & Regards
>     >
>     >     Amit
>     >
>     >
>
>     --
>     Thanks & Regards
>     Amit Khosla
>
>

-- 
Thanks & Regards
Amit Khosla

Reply via email to