Participant
June 25, 2009
Question

SSL Cookie Not Used

How can I make this J2EE session secure over SSL communication, since I got an "SSL Cookie Not Used" error from the PCI compliance report?

Please look at the code fragments below and give me an idea of how to resolve the issue.

   <CFSET httpReq = createObject("Java","javax.servlet.http.HttpServletRequest")>
   <CFSET httpReq = GetPageContext().getRequest()>
   <CFSET httpSession = createObject("Java","javax.servlet.http.HttpSession")>
   <CFSET httpSession = httpReq.getSession()>

It creates JSESSIONID as a cookie, and it shows the following when I view it in the Mozilla browser:

Name      : JSESSIONID

Send For : Any type of connection

However, the CFID and CFTOKEN cookies are created as secure, since I have put SECURE="yes" in the cfcookie tag.

Please throw some light on this.

    1 reply

    Participant
    June 29, 2009

    Will the issue (JSESSIONID secure over SSL) be solved if I use the configuration below in web.xml, which is under JRun?

    <cookie-config>
    <cookie-secure>true</cookie-secure>
    </cookie-config>

    I am not sure this will work, since I am not using the JRun server for my application. However, the application is running under Sun Java Web Server.

    Would anyone please throw some light on this?
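
A check for the condition the scan reported, as an added example that is not part of the original thread: it parses Set-Cookie response headers and lists the cookies set without the Secure attribute, which is what the browser shows as "Send For: Any type of connection". The header values are constructed sample data modelled on the cookies named in the thread; the THEME cookie and all cookie values are hypothetical.

```python
# Added example: audit Set-Cookie headers for the Secure attribute.
# The response headers below are constructed sample data, not captured traffic.
SAMPLE_HTTPS_RESPONSE_HEADERS = [
    "Content-Type: text/html",
    "Set-Cookie: JSESSIONID=8430a1b2c3d4e5f6; Path=/",
    "Set-Cookie: CFID=1204; Path=/; Secure",
    "Set-Cookie: CFTOKEN=55512345; path=/; secure",
    "Set-Cookie: THEME=secure; Path=/",  # value is "secure", the flag is absent
]


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes).

    Attribute names are case-insensitive, so they are lower-cased; flag
    attributes such as Secure carry no value and map to an empty string.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def cookies_missing_secure(header_lines):
    """Return the names of cookies set without Secure, in header order."""
    missing = []
    for line in header_lines:
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie":
            continue
        name, _value, attrs = parse_set_cookie(value)
        # Look at parsed attributes only: a substring search for "secure"
        # would wrongly pass the THEME cookie above.
        if name and "secure" not in attrs:
            missing.append(name)
    return missing


if __name__ == "__main__":
    for cookie in cookies_missing_secure(SAMPLE_HTTPS_RESPONSE_HEADERS):
        print(f"{cookie}: no Secure attribute, so it is also sent over plain HTTP")
```

Running the same function over the headers returned by the real login page, before and after a configuration change, shows whether JSESSIONID has picked up the attribute.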