[Jetty-support] using secure Cookies in jetty4.2.24

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

>Jetty 5 and 6 have the option on the session manager to secure
>session cookies, so that if the session is created in an SSL request,
>then the secure option is set on the cookie.

>To activate this, you need to call setSecureCookies(true) on the
>session manager.

Does that mean that even if I do the stuff that I did in Jetty 4.2.24,
secureCookies in this jetty version would not work:

  <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
  <!-- Add tomcat examples web applications.                           -->
  <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
  <Call name=3D"addWebApplication">
    <Arg>/examples/*</Arg>
    <Arg><SystemProperty name=3D"jetty.home"
default=3D"."/>/demo/webapps/examples</Arg>
    <Call name=3D"getServletHandler">
      <Call name=3D"getSessionManager">
       <!-- to enable secure cookies by David 20/12/2005 -->
         <Call name=3D"setUseRequestedId">
          <Arg type=3D"boolean">true</Arg>
         </Call>
            <Call name=3D"setSecureCookies">
          <Arg type=3D"boolean">true</Arg>
         </Call>
         <Call name=3D"setHttpOnly">
          <Arg type=3D"boolean">true</Arg>
         </Call>
      </Call>
    </Call>
  </Call>

I also tried it this way:

  <Call name=3D"getSessionManager">
          <Set name=3D"useRequestedId">false</Set> <!-- reuse sesssion ids =
?
-->
          <Set name=3D"secureCookies">true</Set>   <!-- use secure cookies =
?
-->
          <Set name=3D"httpOnly">true</Set>        <!-- use M$ http only
cookies ? -->

          <!-- uncomment to add a worker tag to the session manager
          <Set name=3D"workerName">demo0</Set>
          -->
      </Call>

But both didnt' work, However when I added the line cookie.setSecure(true)
in the CookieExample.java, I was able to use Cookies Securely.

Cheers,

David