[jetty-users] Need help with how Jetty handles Secure cookies for webapp

[Ike Ikonne <iikonne@xxxxxxxxxx>]

Hi all, 

I sent this before, but got no response,
 so I am resending ...

I have an embedded Jetty that serves primarily dynamic content via
jsf pages.  This application uses SSL for all requests, we have put
code 
to tell Jetty to always set the HttpOnly and Secure cookie option, but
it appears that it does this only on some requests, what must I do to
tell Jetty to always set these flags in all responses back to the client

Here is my code snippet: 

WebAppContext wc = (WebAppContext)hl; 
SessionHandler sh = wc.getSessionHandler(); 
SessionManager sm = null; 
if (sh != null) sm = sh.getSessionManager(); 
if (sm != null && sm instanceof AbstractSessionManager) {
        AbstractSessionManager asm = (AbstractSessionManager)sm;
        asm.setHttpOnly(true);
        asm.setSecureCookies(true);
        asm.setSessionIdPathParameterName(null);
} 

Thanks, 

Ike __________