Hi,
While developing a Java application I am stuck with one issue. Was
wondering if anyone with Java development and applications security
background here can help me out.
The web application is over HTTPS so I need to set the secure flag for the session
cookie. In my JSP Java project I have implemented the
cookie.setSecure(true) thing right after the user authentication is
successful and the session is created. I have also given the cookie-secure flag as
true in weblogic.xml. It actually forces my web application to work only on
HTTPS, not on HTTP. But in the proxy tool, the word 'secure' is not seen
anywhere in the session id, which is what our penetration testers are expecting.
Does anybody know how to achieve this?
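The Secure attribute is carried in the server's Set-Cookie response header, not in the session id value or in the Cookie request header the browser sends back, so that response header is where to look in the proxy. The check below is an added example, not part of the original post: it scans header lines for session cookies set without Secure, and it assumes the session cookie is named JSESSIONID; all header lines in it are constructed sample data.

```python
# Added example: audit Set-Cookie response headers for the Secure attribute.
# The header lines below are constructed sample data, not captured traffic.
# Assumption: the session cookie is named JSESSIONID.

SAMPLE_RESPONSE_HEADERS = [
    "Set-Cookie: JSESSIONID=abc123constructed!-1; path=/; HttpOnly",
    "Set-Cookie: JSESSIONID=def456constructed!-1; path=/; secure; HttpOnly",
    "Set-Cookie: theme=dark; Path=/; Secure",
    "Content-Type: text/html",
]
# A request header never carries cookie attributes, only name=value pairs.
SAMPLE_REQUEST_HEADER = "Cookie: JSESSIONID=def456constructed!-1; theme=dark"


def parse_set_cookie(header_line):
    """Return (name, value, attrs) for a Set-Cookie line, or None otherwise."""
    field, _, rest = header_line.partition(":")
    if field.strip().lower() != "set-cookie":
        return None
    parts = [p.strip() for p in rest.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive: "secure" and "Secure" match.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def cookies_missing_secure(header_lines, names=("JSESSIONID",)):
    """List (line_index, cookie_name) for watched cookies set without Secure."""
    findings = []
    for idx, line in enumerate(header_lines):
        parsed = parse_set_cookie(line)
        if parsed is None:
            continue
        name, _value, attrs = parsed
        if name in names and "secure" not in attrs:
            findings.append((idx, name))
    return findings


if __name__ == "__main__":
    for idx, name in cookies_missing_secure(SAMPLE_RESPONSE_HEADERS):
        print(f"header {idx}: {name} is set without the Secure attribute")
```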