This guide applies to the Java runtime and the Publisher.

Introduction

Setting the Secure flag on the session cookie ensures that the session cookie is not transmitted in plain text over HTTP connections. For information on this flag see https://www.owasp.org/index.php/SecureFlag.

This setting should always be enabled when using HTTPS. Tomcat 6+ sets the Secure flag by default whenever HTTPS is used, but the flag can be explicitly set by the application regardless of the server implementation. This guide details the procedure for enabling this feature.

...

Warning

Enabling this feature on an HTTP connection will cause the session cookie not to be sent to the client, effectively making the application unusable.
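One way for the application itself to set the Secure flag, independent of the container's defaults, is the Servlet 3.0 SessionCookieConfig API. This is an added example, not code from the original guide; it assumes a Servlet 3.0+ container (Tomcat 7 or later, javax namespace) and a hypothetical context parameter named sessionCookieSecure so that the flag can be left off for plain HTTP test deployments, as the warning above requires.

```java
import javax.servlet.ServletContext;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import javax.servlet.SessionCookieConfig;
import javax.servlet.annotation.WebListener;

/**
 * Added example (not part of the original guide): marks the session cookie
 * Secure at application start-up. SessionCookieConfig may only be changed
 * before the ServletContext is initialized, which is why this runs in
 * contextInitialized() of a ServletContextListener.
 */
@WebListener
public class SecureSessionCookieListener implements ServletContextListener {

    // Hypothetical context parameter (declared in web.xml); not from the guide.
    private static final String PARAM = "sessionCookieSecure";

    @Override
    public void contextInitialized(ServletContextEvent sce) {
        ServletContext ctx = sce.getServletContext();
        SessionCookieConfig cookieConfig = ctx.getSessionCookieConfig();

        // Default to Secure unless the deployment explicitly opts out.
        // Opting out is only appropriate for an HTTP-only test deployment:
        // with Secure set, a browser never returns the cookie over plain
        // HTTP and the application becomes unusable, as the warning states.
        boolean secure = !"false".equalsIgnoreCase(ctx.getInitParameter(PARAM));
        cookieConfig.setSecure(secure);

        ctx.log("Session cookie Secure flag set to " + secure);
    }

    @Override
    public void contextDestroyed(ServletContextEvent sce) {
        // Nothing to release; the cookie configuration dies with the context.
    }
}
```

After deployment, the Set-Cookie header for the session cookie should carry the Secure attribute; its absence indicates the container was not started in HTTPS mode or the listener did not run.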

...