[Jetty-support] SSL secure cookie mod_proxy

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi,

I'm sure this problem has been answered, but for the life of me, I can't
find it. I have a fairly standard configuration:

Browser <----> HTTPS Apache <----> HTTP Jetty

+

X-Forwarded-Scheme "https"

+

Jetty configured to have "forwarded" set to true.

Previously, we had used Tomcat + mod_jk/ajp and that configuration
automagically set our cookies to Secure Cookies, forcing the cookie to only
be presented by the browser when connected to a secure endpoint.

After switching to the above Jetty configuration, Jetty does not set the
Secure Cookies flag since the incoming connection is HTTP. What is the
recommend solution here? Do I switch to using ajp (not recommended according
to the docs)?

Thank you,
Tarun