Question
How do I set a secure JSESSIONID cookie
Most of our application is accessed via SSL. We do not have
"Use J2EE Session Variables" checked in the CFAdministrator, but have
noticed that JSESSIONID cookies are set non-secure when someone
accesses a few pages that have CF Flash forms.
Here's an example of the headers that set this cookie:
Set-Cookie: JSESSIONID=4a30b299250ac417a83654b38f6b492f35242;path=/
How can I make this cookie be set securely from the start?
We will probably be using J2EE Session Variables in the very near future for clustering so we still want the cookie to be set. Per a security audit, we can't simply resend the same cookie as secure; the initial one must be secure.
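
An audit check for the requirement stated in the question, as an added example that is not part of the original post: it walks an ordered capture of responses and reports any JSESSIONID value whose first `Set-Cookie` lacked the `Secure` attribute, including the case where the same value is later re-sent as secure. The URLs and the second cookie value are constructed sample data; the function names are hypothetical.

```python
# Added example: audit captured Set-Cookie headers for insecure first issuance.

def parse_set_cookie(raw):
    """Split one Set-Cookie value into (name, value, lower-cased attribute names)."""
    parts = [p.strip() for p in raw.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return name.strip(), value.strip(), attrs


def audit_first_issuance(responses, cookie_name="JSESSIONID"):
    """responses: ordered (url, [Set-Cookie values]) pairs, oldest first.

    Returns (url, session_id, issue) tuples for every violation found.
    """
    first_secure = {}  # session id value -> was its first Set-Cookie marked Secure?
    findings = []
    for url, set_cookies in responses:
        for raw in set_cookies:
            name, value, attrs = parse_set_cookie(raw)
            if name != cookie_name:
                continue
            secure = "secure" in attrs
            if value not in first_secure:
                first_secure[value] = secure
                if not secure:
                    findings.append((url, value, "first issuance without Secure"))
            elif secure and not first_secure[value]:
                # The id already went out without the flag, so adding it
                # now does not satisfy the audit requirement.
                findings.append((url, value, "re-sent as Secure after insecure issuance"))
    return findings


# Constructed capture: the first header is the one quoted in the question,
# the hosts, paths and the second session id are made up for the example.
SAMPLE = [
    ("https://app.example/flashform.cfm",
     ["JSESSIONID=4a30b299250ac417a83654b38f6b492f35242;path=/"]),
    ("https://app.example/next.cfm",
     ["JSESSIONID=4a30b299250ac417a83654b38f6b492f35242;path=/;Secure"]),
    ("https://app.example/login.cfm",
     ["JSESSIONID=constructed-session-0002;path=/;Secure;HttpOnly"]),
]

if __name__ == "__main__":
    for url, sid, issue in audit_first_issuance(SAMPLE):
        print(f"{issue}: {sid} at {url}")
```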
