websecurity@lists.webappsec.org

The Web Security Mailing List


How to set secure flag for session cookie

sarvesh shete
Fri, Jun 7, 2013 1:10 PM

Hi,

While developing a Java application I am stuck with one issue. I was
wondering if anyone with a Java development and application security
background here can help me out.
The web application is over HTTPS, so I need to set the secure flag for the session
cookie. In my JSP Java project I have implemented the
cookie.setSecure(true) thing right after the user authentication is
successful and the session is created. I have also given the cookie-secure flag as
true in weblogic.xml. It actually forces my web application to work only on
HTTPS, not on HTTP. But in the proxy tool, the word 'secure' is not seen
anywhere in the session id, which is what our penetration testers are expecting.
Does anybody know how to achieve this?

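The check described in the post above, as an added example that is not part of the original message: the Secure flag is an attribute of the `Set-Cookie` response header, not part of the session id value, so this Java program parses `Set-Cookie` header values and reports whether the attribute is present. The cookie name `JSESSIONID` and the three sample headers are assumptions constructed for illustration.

```java
import java.util.*;

// Added example: checks Set-Cookie response header values for the Secure attribute.
public class SecureFlagCheck {

    /** Parsed view of one Set-Cookie header value. */
    static final class ParsedCookie {
        final String name;
        final Set<String> attributes = new HashSet<>(); // lower-cased attribute names
        ParsedCookie(String name) { this.name = name; }
        boolean has(String attr) { return attributes.contains(attr.toLowerCase(Locale.ROOT)); }
    }

    /** Parses "name=value; Attr; Attr=val" as sent in a Set-Cookie response header. */
    static ParsedCookie parse(String headerValue) {
        String[] parts = headerValue.split(";");
        String first = parts[0].trim();
        int eq = first.indexOf('=');
        ParsedCookie c = new ParsedCookie(eq < 0 ? first : first.substring(0, eq));
        // Only segments after the first ';' are attributes. The cookie value is never
        // inspected, so a session id that happens to contain "secure" does not count.
        for (int i = 1; i < parts.length; i++) {
            String attr = parts[i].trim();
            int aeq = attr.indexOf('=');
            String attrName = (aeq < 0 ? attr : attr.substring(0, aeq)).trim();
            if (!attrName.isEmpty()) {
                c.attributes.add(attrName.toLowerCase(Locale.ROOT)); // names are case-insensitive
            }
        }
        return c;
    }

    public static void main(String[] args) {
        // Constructed sample headers, not captured from a real server.
        String[] samples = {
            "JSESSIONID=abc123secure!456; path=/; HttpOnly",   // "secure" only inside the value
            "JSESSIONID=abc123!456; path=/; secure; HttpOnly", // flag present
            "JSESSIONID=abc123!456; Path=/; SECURE",           // flag present, different case
        };
        for (String s : samples) {
            ParsedCookie c = parse(s);
            System.out.printf("%-10s Secure=%-5b HttpOnly=%-5b <- %s%n",
                    c.name, c.has("secure"), c.has("httponly"), s);
        }
    }
}
```

The header to inspect in the proxy is the response that first issues the session cookie; the browser's `Cookie` request header never carries attributes, so the flag will not appear there.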