| Re: [jetty-users] Jetty 9.4.5 HttpOnly. |
JanTo put it in xml do:In it, you can call any of the getters and setters on the org.eclipse.jetty.webapp.Here's a starting point for you: https://www.eclipse.org/jetty/Make sure the xml file you put in $jetty.base/webapps is called the same as your war: for example if your war is called "foo.war" call the xml file "foo.xml" so the deployer knows they're related.documentation/9.4.5.v20170502/ configuring-specific-webapp- deployment.html WebAppContext: the method you want to look at is "setDefaultsDescriptor(String location)": https://github.com/eclipse/ jetty.project/blob/jetty-9.4. x/jetty-webapp/src/main/java/ org/eclipse/jetty/webapp/ WebAppContext.java#L1105
<Set name="defaultsDescriptor"><Property name="jetty.base" default="."/>/etc/webdefault. xml</Set> On 18 May 2017 at 14:49, Hoffman, Richard D. <RDHoffman@securemissionsolutions.com > wrote:No. How should I do that?
Richard Hoffman, PhDSoftware Developer, Principal
U.S. Army Research Laboratory
Contractor, Secure Mission Solutions, a Parsons Company
Phone: 410-306-4906
richard.d.hoffman37.ctr@mail.mil
rdhoffman@securemissionsolutions.com
From: jetty-users-bounces@xxxxxxxxxxg <jetty-users-bounces@eclipse.org > on behalf of Jan Bartel <janb@xxxxxxxxxxx>
Sent: Thursday, May 18, 2017 3:29 AM
To: JETTY user mailing list
Subject: Re: [jetty-users] Jetty 9.4.5 HttpOnly.Actually don't bother following my suggestion, I've checked the code and I can't reproduce the problem at all. Are you sure you've told your webapp to use $jetty.base/etc/webdefault.xml as its defaultsdescriptor?Jan
On 18 May 2017 at 09:02, Jan Bartel <janb@xxxxxxxxxxx> wrote:
Have you tried specifying <name>JSESSIONID</name> or whatever the name of the cookie is that you want to use inside the <cookie-config>? Let me know if that works, I'll see if we're not defaulting it to JSESSIONID if not supplied.Jan
On 18 May 2017 at 01:07, Lord Buddha <lord.buddha@xxxxxxxxx> wrote:
______________________________Is it/should it possible to use jetty.base/etc/webdefault.xml to default the setting of HttpOnly to true for the session cookie.
Have tried
<session-config>
<session-timeout>30</session-timeout>
<cookie-config>
<http-only>true</http-only>
</cookie-config>
</session-config>
and
<session-config>
<session-timeout>30</session-timeout>
<http-only>true</http-only>
</session-config>
or is there some other alternate besides doing in the apps web.xml ?
/David
_________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users
--
Jan Bartel <janb@xxxxxxxxxxx>www.webtide.com
Expert assistance from the creators of Jetty and CometD
--
Jan Bartel <janb@xxxxxxxxxxx>www.webtide.com
Expert assistance from the creators of Jetty and CometD
_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users
--Jan Bartel <janb@xxxxxxxxxxx>www.webtide.com
Expert assistance from the creators of Jetty and CometD
_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users