Versions Compared

Old Version 9

changes.mady.by.user Unknown User (s.wartenberg)

Saved on

compared with

New Version 10

changes.mady.by.user Felix Janssen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
languagexml
linenumberstrue
<web-app ...>
	<session-config>
		<secure>true</secure>
	</session-config>
</web-app>

For R10-R14 you can set the environment variabele BLUERIQvariable BLUERIQ_SECURE_SESSION_COOKIE to true.

Code Block
languagexmltext
linenumberstrue
BLUERIQ_SECURE_SESSION_COOKIE=true

...

For R14.7 and newer, you can set a property.
 Code Block
languagetext
titleapplication.properties
blueriq.session.cookie.secure=true
.NET Runtime
In the .NET Runtime there is no difference in in the way of securing the cookie between R10 and R9 or older versions. 
...
 Note
The Blueriq cookie is not secured by default. Securing the cookie should take place on the same location where the SSL offloading is done. The reason behind this, is because it is not possible to send a cookie with the secure flag set over an unencrypted HTTP request. For example, if the SSL offloading is done by the loadbalancer, here the secure flag should be enabled and disabled.
The only use case to enable the secure flag as specified above is when offloading takes place on the application server where the Runtime is deployed (Tomcat, JBoss, Websphere).
...

Timeout
In this section we will explain how to set the session timeout depending on the Blueriq Runtime you are using. (Java or .NET version)
...
 Info
If you are upgrading from R9 to R10 pay attention to the session timeout measurement unit. If in R9 or older versions, the value is specified in minutes, in R10 the value is specified in seconds.
...

.NET Runtime
In the .NET Runtime there is no difference in in the way of specifying the session timeout between R10 and R9 or older versions. 
...