From: DJ M. <dj....@gm...> - 2005-12-21 08:07:30
|
>Jetty 5 and 6 have the option on the session manager to secure >session cookies, so that if the session is created in an SSL request, >then the secure option is set on the cookie. >To activate this, you need to call setSecureCookies(true) on the >session manager. Does that mean that even if I do the stuff that I did in Jetty 4.2.24, secureCookies in this jetty version would not work: <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - --> <!-- Add tomcat examples web applications. --> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - --> <Call name=3D"addWebApplication"> <Arg>/examples/*</Arg> <Arg><SystemProperty name=3D"jetty.home" default=3D"."/>/demo/webapps/examples</Arg> <Call name=3D"getServletHandler"> <Call name=3D"getSessionManager"> <!-- to enable secure cookies by David 20/12/2005 --> <Call name=3D"setUseRequestedId"> <Arg type=3D"boolean">true</Arg> </Call> <Call name=3D"setSecureCookies"> <Arg type=3D"boolean">true</Arg> </Call> <Call name=3D"setHttpOnly"> <Arg type=3D"boolean">true</Arg> </Call> </Call> </Call> </Call> I also tried it this way: <Call name=3D"getSessionManager"> <Set name=3D"useRequestedId">false</Set> <!-- reuse sesssion ids = ? --> <Set name=3D"secureCookies">true</Set> <!-- use secure cookies = ? --> <Set name=3D"httpOnly">true</Set> <!-- use M$ http only cookies ? --> <!-- uncomment to add a worker tag to the session manager <Set name=3D"workerName">demo0</Set> --> </Call> But both didnt' work, However when I added the line cookie.setSecure(true) in the CookieExample.java, I was able to use Cookies Securely. Cheers, David |