Re: [jetty-users] Need help with how Jetty handles Secure cookies for webapps

Hi all,

I need help regarding when and under what conditions
Jetty sets the secure/httpOnly flag when sending a response
back to the client.  I posted an earlier e-mail but have not received
any response yet.  I would appreciate it if someone could point
me to a resource that might help clarify this for me.  I have looked at
the Jetty classes that handle session management, and it seems to me that
we are setting the flags correctly, but Jetty is only sending the secure/httpOnly
flags on some responses and not on all of them.  I would appreciate it if someone
could explain to me why that is the case.

Thanks,

Ike




From:        Ike Ikonne/Dallas/IBM@IBMUS
To:        jetty-users@xxxxxxxxxxx,
Date:        03/06/2013 09:07 AM
Subject:        [jetty-users] Need help with how Jetty handles Secure cookies for webapps
Sent by:        jetty-users-bounces@xxxxxxxxxxx




Hi all,

I sent this before, but got no response, so I am resending ...

I have an embedded Jetty that serves primarily dynamic content via
JSF pages.  This application uses SSL for all requests. We have put in code
to tell Jetty to always set the HttpOnly and Secure cookie options, but
it appears that it does this only on some requests. What must I do to
tell Jetty to always set these flags in all responses back to the client?


Here is my code snippet:


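// hl is defined elsewhere in the application (not shown in this snippet)
WebAppContext wc = (WebAppContext)hl;
SessionHandler sh = wc.getSessionHandler();
SessionManager sm = null;
if (sh != null) sm = sh.getSessionManager();
if (sm != null && sm instanceof AbstractSessionManager) {
      AbstractSessionManager asm = (AbstractSessionManager)sm;
      asm.setHttpOnly(true);        // mark the session cookie HttpOnly
      asm.setSecureCookies(true);   // mark the session cookie Secure
      asm.setSessionIdPathParameterName(null);   // no session id path parameter in URLs
}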


Thanks,


Ike
_________________________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/jetty-users
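
An added example, not part of the original message or of Jetty's code: a small audit that takes the Set-Cookie header values captured for each request and reports exactly which cookie on which response lacks Secure or HttpOnly. The request paths, the `theme` and `lang` cookies and all values are constructed sample data; `JSESSIONID` is assumed to be the session cookie name.

```java
import java.util.*;

public class CookieFlagAudit {

    /** Returns one finding per Set-Cookie value that lacks Secure or HttpOnly. */
    static List<String> audit(String path, List<String> setCookieValues) {
        List<String> findings = new ArrayList<>();
        for (String header : setCookieValues) {
            String[] parts = header.split(";");
            // First segment is name=value; every later segment is an attribute.
            String name = parts[0].split("=", 2)[0].trim();
            boolean secure = false, httpOnly = false;
            for (int i = 1; i < parts.length; i++) {
                // Attribute names are case-insensitive; these two carry no value.
                String attr = parts[i].trim().toLowerCase(Locale.ROOT);
                if (attr.equals("secure")) secure = true;
                if (attr.equals("httponly")) httpOnly = true;
            }
            if (!secure || !httpOnly) {
                findings.add(path + ": cookie '" + name + "' missing"
                        + (secure ? "" : " Secure") + (httpOnly ? "" : " HttpOnly"));
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample: Set-Cookie values captured per request path.
        Map<String, List<String>> captured = new LinkedHashMap<>();
        captured.put("/login.jsf",
                Arrays.asList("JSESSIONID=abc123; Path=/; Secure; HttpOnly"));
        // A response with no Set-Cookie header has no cookie flags to show at all.
        captured.put("/home.jsf", Collections.<String>emptyList());
        // Hypothetical cookies set by application code rather than the session manager.
        captured.put("/prefs.jsf",
                Arrays.asList("theme=dark; Path=/", "lang=en; Path=/; secure"));

        int silent = 0;
        for (Map.Entry<String, List<String>> e : captured.entrySet()) {
            if (e.getValue().isEmpty()) silent++;
            for (String finding : audit(e.getKey(), e.getValue())) {
                System.out.println(finding);
            }
        }
        System.out.println(silent + " response(s) carried no Set-Cookie header");
    }
}
```

Separating responses that set no cookie from cookies that arrive without the flags narrows down whether the gap is in the session cookie or in cookies created elsewhere in the application.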

