Re: [jetty-users] Jetty 9.4.5 HttpOnly.

That is a good point.

On May 18, 2017 14:39, "Lord Buddha" <lord.buddha@xxxxxxxxx> wrote:
It was user error.  Path to it in app context XML was wrong.  Sorry.

But should we really need to point at it explicitly when in jetty.base/etc 

On 19 May 2017 1:12 am, "Jan Bartel" <janb@xxxxxxxxxxx> wrote:
Make sure the xml file you put in $jetty.base/webapps is called the same as your war:  for example if your war is called "foo.war" call the xml file "foo.xml" so the deployer knows they're related.

In it, you can call any of the getters and setters on the org.eclipse.jetty.webapp.WebAppContext:  the method you want to look at is "setDefaultsDescriptor(String location)": https://github.com/eclipse/jetty.project/blob/jetty-9.4.x/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebAppContext.java#L1105

To put it in xml do:

<Set name="defaultsDescriptor"><Property name="jetty.base" default="."/>/etc/webdefault.xml</Set>

Jan

On 18 May 2017 at 14:49, Hoffman, Richard D. <RDHoffman@securemissionsolutions.com> wrote:

No. How should I do that?


Richard Hoffman, PhD
Software Developer, Principal
U.S. Army Research Laboratory
Contractor, Secure Mission Solutions, a Parsons Company
Phone: 410-306-4906
richard.d.hoffman37.ctr@mail.mil
rdhoffman@securemissionsolutions.com


From: jetty-users-bounces@xxxxxxxxxxg <jetty-users-bounces@eclipse.org> on behalf of Jan Bartel <janb@xxxxxxxxxxx>
Sent: Thursday, May 18, 2017 3:29 AM
To: JETTY user mailing list
Subject: Re: [jetty-users] Jetty 9.4.5 HttpOnly.
 
Actually don't bother following my suggestion, I've checked the code and I can't reproduce the problem at all.  Are you sure you've told your webapp to use $jetty.base/etc/webdefault.xml as its defaultsdescriptor?

Jan

On 18 May 2017 at 09:02, Jan Bartel <janb@xxxxxxxxxxx> wrote:
Have you tried specifying <name>JSESSIONID</name> or whatever the name of the cookie is that you want to use inside the <cookie-config>? Let me know if that works, I'll see if we're not defaulting it to JSESSIONID if not supplied.

Jan

On 18 May 2017 at 01:07, Lord Buddha <lord.buddha@xxxxxxxxx> wrote:
Is it/should it be possible to use jetty.base/etc/webdefault.xml to default the setting of HttpOnly to true for the session cookie?

Have tried

  <session-config>
    <session-timeout>30</session-timeout>
    <cookie-config>
      <http-only>true</http-only>
    </cookie-config>
  </session-config>

and

  <session-config>
    <session-timeout>30</session-timeout>
    <http-only>true</http-only>
  </session-config>

or is there some other alternative besides doing it in the app's web.xml?

/David

_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users



--
Jan Bartel <janb@xxxxxxxxxxx>
www.webtide.com
Expert assistance from the creators of Jetty and CometD
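
Added example, not part of the original thread or of Jetty's code: a small Python check that audits a web.xml or webdefault.xml for the session-cookie setting discussed above, run over the two <session-config> attempts from the original question. The <web-app> wrapper around each snippet and the function name audit_session_cookie are assumptions made for the example; under the Servlet 3.0+ descriptor schema <http-only> belongs inside <cookie-config>.

```python
import xml.etree.ElementTree as ET

def local(tag):
    """Drop the XML namespace so any Servlet schema version is accepted."""
    return tag.rsplit("}", 1)[-1]

def audit_session_cookie(descriptor_xml):
    """Return findings about HttpOnly in a web.xml / webdefault.xml string."""
    root = ET.fromstring(descriptor_xml)
    configs = [e for e in root.iter() if local(e.tag) == "session-config"]
    if not configs:
        return ["no <session-config>: HttpOnly is left to the container default"]
    findings = []
    for sc in configs:
        children = {local(c.tag): c for c in sc}
        if "http-only" in children:
            findings.append("<http-only> is a direct child of <session-config>; "
                            "the schema only allows it inside <cookie-config>")
        cookie = children.get("cookie-config")
        if cookie is None:
            findings.append("<session-config> has no <cookie-config>")
            continue
        flags = {local(c.tag): (c.text or "").strip().lower() for c in cookie}
        if flags.get("http-only") != "true":
            findings.append("<cookie-config> does not set <http-only>true</http-only>")
    return findings

# The two attempts from the question; the <web-app> wrapper is constructed.
NESTED = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <session-config>
    <session-timeout>30</session-timeout>
    <cookie-config>
      <http-only>true</http-only>
    </cookie-config>
  </session-config>
</web-app>"""

FLAT = """<web-app>
  <session-config>
    <session-timeout>30</session-timeout>
    <http-only>true</http-only>
  </session-config>
</web-app>"""

if __name__ == "__main__":
    for name, doc in (("nested", NESTED), ("flat", FLAT)):
        print(name, audit_session_cookie(doc) or "OK")
```

A descriptor that passes this check still has no effect unless the context's defaultsDescriptor points at it, which was the actual fault in this thread.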