[jetty-users] How to httpOnly and secureCookie cookie flags
Hi all!

I'm trying to set cookies created by Jetty to be secure and httpOnly in Jetty 6.1.26. So far I've found that org.mortbay.jetty.servlet.HashSessionManager (which seems to be the default session manager) has setHttpOnly and setSecureCookies methods. However, calling those from the context configuration, or from jetty-web.xml in my web app, seems to have no effect - the Firefox Web Developer plugin cookies tab still says something like:

    Name     JSESSIONID
    Value    4cq07v2wmoia16fvrd8k026vg
    Host     localhost
    Path     /myapp
    Secure   No
    Expires  At End Of Session

Here is part of web app's WEB-INF/jetty-web.xml (excluding doctype and xml tag) I use:

    <Configure class="org.mortbay.jetty.webapp.WebAppContext">
      <Get name="sessionHandler">
        <Get name="sessionManager">
          <Set name="httpOnly">True</Set>
          <Set name="secureCookies">True</Set>
        </Get>
      </Get>
    </Configure>

Using <Call name="setHttpOnly"><Arg type="boolean">True</Arg></Call> seems to have no effect as well.

So, what am I doing wrong, and how should I set those attributes (and am I setting them in the right place)?
Thanks in advance! Alex-
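
The cookie panel output quoted in the post has a Secure field but no HttpOnly field, so the raw Set-Cookie response header is the more reliable place to check both flags. The following is an added example, not part of the original post and not Jetty code: a small audit of Set-Cookie header values. The function names and the sample header strings are assumptions constructed for illustration.

```python
# Added example: audit Set-Cookie headers for the Secure and HttpOnly flags.
# Header strings are constructed samples (the session id is the one quoted above).
SAMPLE_UNHARDENED = ["JSESSIONID=4cq07v2wmoia16fvrd8k026vg;Path=/myapp"]
SAMPLE_HARDENED = ["JSESSIONID=4cq07v2wmoia16fvrd8k026vg;Path=/myapp;Secure;HttpOnly"]
REQUIRED_FLAGS = ("secure", "httponly")


def parse_set_cookie(header_value):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    parts = [p.strip() for p in header_value.split(";")]
    # Only the first '=' separates name from value; the value may contain '='.
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue  # tolerate a trailing ';'
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive, so normalise before comparing.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_cookies(set_cookie_headers, names=("JSESSIONID",)):
    """Return {cookie_name: [missing flags]} for the cookies of interest.

    If a cookie is set more than once, the last header is the one reported.
    """
    findings = {}
    for header in set_cookie_headers:
        name, _value, attrs = parse_set_cookie(header)
        if name not in names:
            continue
        findings[name] = [flag for flag in REQUIRED_FLAGS if flag not in attrs]
    return findings


if __name__ == "__main__":
    samples = (("unhardened", SAMPLE_UNHARDENED), ("hardened", SAMPLE_HARDENED))
    for label, headers in samples:
        for cookie, missing in audit_cookies(headers).items():
            status = "OK" if not missing else "missing " + ", ".join(missing)
            print(f"{label}: {cookie}: {status}")
```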