cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Exit
search
  • Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
  • 한국 커뮤니티
0
Upvote

SSL Cookie Not Used

pdkt622001
New Here ,
Jun 25, 2009 Jun 25, 2009

How could I make this j2ee session secure over ssl communication since I got SSL cookie not used error from PCI compliance report?

Please look at the below code fragments..give an idea to resolve the issue.

   <CFSET httpReq = createObject("Java","javax.servlet.http.HttpServletRequest")>
   <CFSET httpReq = GetPageContext().getRequest()>
   <CFSET httpSession = createObject("Java","javax.servlet.http.HttpSession")>
   <CFSET httpSession = httpReq.getSession()>

It creates jsessionid as cookie, it shows the following when i viewed from Mozilla browser

Name      : JSESSIONID

Send For : Any type of connection

However, the CFID, and CFTOKEN created as secure since i have put SECURE="yes" in cfcookie tag.

Please throw some light on this.

987
Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
replies 1 Reply 1
latest latest Jump to latest reply
pdkt622001
New Here ,
Jun 29, 2009 Jun 29, 2009
LATEST

Will the issue (JSESSIONID secure over SSL) be solved if I use the below configuration in web.xml which is under jrun?

<cookie-config>
<cookie-secure>true</cookie-secure>
</cookie-config>

I am not sure this will work since i am not using jrun server for my application. However, the application is running under sun java web server.

Would anyone please throw some light on this?

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation
ColdFusion User Guide
Open in a new window
Copyright © 2025 Adobe. All rights reserved.
Using the Community Experience League Terms of Use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices