Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] What's wrong with this secureCookie configuration?

Thanks for your help/diagnosis yesterday, gentlemen.

It looks like I'll need to go with Jan's original suggestion of the session-config/cookie-config web.xml settings.

I googled but can't find an obvious answer:  can I deploy a servlet=3.0 web.xml into a jetty 6.1.22 container to use the <session-config> syntax?  I just tried it on a test server and it appeared to load the WAR okay, but wanted to ask the experts before I assumed that was a viable option.

Thanks again for all the help,
Tom



On Thu, Feb 13, 2014 at 6:49 PM, Joakim Erdfelt <joakim@xxxxxxxxxxx> wrote:
Jetty 8.x is Servlet 3.0, its easier to use the standard location in the WEB-INF/web.xml of your webapp.

<session-config>
 <cookie-config>
  <secure>true</secure>
 </cookie-config>
</session-config>


--
Joakim Erdfelt <joakim@xxxxxxxxxxx>
Expert advice, services and support from from the Jetty & CometD experts


On Thu, Feb 13, 2014 at 4:37 PM, Tom Vaughan <tom.vaughan@xxxxxxxxxx> wrote:
Hi -

I'm upgrading from jetty 6.1.22 to 8.1.8 and I've notice that the configuration for setting cookies to be secure has moved under a layer of indirection.  I'm having trouble configuring it and I'm hoping someone on this list can clue me in to what I'm doing wrong.

Basically, in 6.1.22 I could do this:

<Get name="sessionHandler">
  <Get name="sessionManager">
    <Set name="secureCookies">true</Set>
  </Get>
</Get>

In 8.1.8 it looks like the code path should be:

WebAppContext.getSessionHandler().getSessionManager().getSessionCookieConfig().setSecure(true);

Seems straight forward enough.

So here's my new context configuration:

<Configure class="org.eclipse.jetty.webapp.WebAppContext">
  <Get name="sessionHandler">
    <Get name="sessionManager">
      <Get name="sessionCookieConfig">
        <Set name="secure" type="boolean">true</Set> 
      </Get> 
    </Get>
  </Get>

But when I start jetty, the context dies with this error in the logs:
oejx.XmlConfiguration:Config error at true java.lang.NoSuchMethodException: class org.eclipse.jetty.server.session.AbstractSessionManager$2.setSecure(boolean)


Why is it trying to call setSecure on the sessionManager instead of the sessionManager's sessionCookieConfig?

Any thoughts?

Thanks in advance!
Tom


P.S.  this is an x-post of a stack overflow question, so if you want some karma, you can answer over there: http://stackoverflow.com/questions/21763824/setting-secure-cookies-on-jetty-6-8-upgrade

_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/jetty-users



_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/jetty-users



Back to the top