That's a lot of major versions to skip.
> Jetty versioning reminder (since 1995) - <servlet_support>.<major_version>.<minor_version>
You essentially jumped 14 major versions from 7.0 to 9.4.
org.eclipse.jetty.deploy.WebAppDeployer
That doesn't exist in the same way any more.
It's now a DeploymentManager with a AppProvider (in your case a WebAppProvider)
See embedded jetty examples for this setup at:
The upgrade from Jetty 7 to 9 also upgraded your servlet support from 2.4 to 3.1 (a jump of 3 versions)
The Servlet 3.0 update introduced a javax.servlet.SessionCookieConfig where that kind of configuration is now present.
WebAppContext wc = (WebAppContext) hl;
SessionHandler sh = wc.getSessionHandler();
SessionManager sm = null;
if ( sh != null ) {
sm = sh.getSessionIdManager();
if ( sm != null ) {
AbstractSessionManager asm = (AbstractSessionManager) sm;
asm.setHttpOnly( true ); // <-- Lets take a look at this one
asm.setSecureCookies( true );
asm.setSessionIdPathParameterName( null );
asm.setUsingCookies( true );
}
}
In embedded-jetty you can use ...
wc.getSessionHandler().getSessionCookieConfig().setHttpOnly(httpOnly);
or you can even use the WEB-INF/web.xml (since you are using the WebAppContext).
Just set ...
Also, don't forget to browse around the other embedded-jetty examples at both ...