Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[jetty-users] How to force Jetty to set secure Cookie option

Hi all,

I have an embedded Jetty that serves primarily dynamic content via
jsf pages.  This application uses SSL for all requests, we have put code
to tell Jetty to always set the HttpOnly and Secure cookie option, but
it appears that it does this only on some requests, what must I do to
tell Jetty to always set these flags in all responses back to the client

Here is my code snippet:

WebAppContext wc = (WebAppContext)hl;
SessionHandler sh = wc.getSessionHandler();
SessionManager sm = null;
if (sh != null) sm = sh.getSessionManager();
if (sm != null && sm instanceof AbstractSessionManager) {
        AbstractSessionManager asm = (AbstractSessionManager)sm;



Back to the top