Set Cookie secure flag

Hi,

What is the right way to set the cookie secure flag in a Jmix web application? I have tried setting server.servlet.session.cookie.secure=true
as well as
server.servlet.session.cookie.http-only=true
in the application.properties file, but it does not work. Please suggest a workaround.

Hi,

Why do you say that these properties don’t work? I’ve just tried to set it in application.properties and they seem to be working fine.

Hi Maxim,

Thanks for the reply.

The problem here is that when I run the project from the IDE on localhost, the cookie is shown as secure, but when the same project is exported to a boot WAR and deployed on Tomcat, the cookie secure flag is shown as false.

Hi,

Quick googling gave me the solution to modify the tomcat/conf/web.xml to make tomcat always secure session cookies:

<session-config>
    <cookie-config>
        <http-only>true</http-only>
        <secure>true</secure>
    </cookie-config>
</session-config>

See java - Forcing Tomcat to use secure JSESSIONID cookie over http - Stack Overflow


It worked, thanks.
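
To confirm the flags on the deployed application rather than only in the IDE run, the Set-Cookie response headers can be checked directly. The script below is an added example, not part of the original thread or of Jmix; the function names and the sample header values are constructed for illustration.

```python
"""Audit Set-Cookie response headers for the session cookie's Secure/HttpOnly flags."""

REQUIRED_FLAGS = ("secure", "httponly")


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Attribute names are case-insensitive (RFC 6265); drop any "=value" part.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_session_cookie(set_cookie_headers, cookie_name="JSESSIONID"):
    """Return one finding per session cookie, listing the required flags it lacks."""
    findings = []
    for value in set_cookie_headers:
        name, attrs = parse_set_cookie(value)
        if name != cookie_name:
            continue  # only the session cookie is audited here
        missing = [flag for flag in REQUIRED_FLAGS if flag not in attrs]
        findings.append({"cookie": name, "missing": missing, "ok": not missing})
    return findings


# Constructed sample headers modelled on the two situations in the thread:
# flags present when run from the IDE, Secure absent on the Tomcat WAR deployment.
IDE_RUN = ["JSESSIONID=0123ABCD; Path=/; Secure; HttpOnly"]
TOMCAT_WAR = ["JSESSIONID=0123ABCD; Path=/app; HttpOnly", "theme=dark; Path=/app"]

if __name__ == "__main__":
    for label, headers in (("IDE run", IDE_RUN), ("Tomcat WAR", TOMCAT_WAR)):
        for finding in audit_session_cookie(headers):
            status = "OK" if finding["ok"] else "MISSING " + ", ".join(finding["missing"])
            print(f"{label}: {finding['cookie']} -> {status}")
```

The header values can be taken from the browser's network tab or from the response headers of any request that creates a session, before and after changing tomcat/conf/web.xml.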