Info |
---|
This guide applies to the Java runtime and the Publisher. |
Introduction
Setting the Secure flag on the session cookie ensures that the session cookie is not transmitted in plain text over HTTP connections. For information on this flag, see https://www.owasp.org/index.php/SecureFlag.
This setting should always be enabled when using HTTPS. Tomcat 6+ sets the Secure flag by default whenever HTTPS is used, but the flag can be explicitly set by the application regardless of the server implementation. This guide details the procedure for enabling this feature.
...
Info |
---|
Note that enabling this feature on an HTTP connection will cause the session cookie not to be sent to the client, effectively making the application unusable. |
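
One way to verify the setting once it is enabled, as an added example that is not part of the original guide: the script audits captured `Set-Cookie` headers for the Secure attribute and flags the HTTP case described in the note above. The cookie name `JSESSIONID` (Tomcat's default), the function names, the finding labels and the sample headers are assumptions constructed for illustration.

```python
"""Audit Set-Cookie headers for the Secure flag on the session cookie."""

SESSION_COOKIE = "JSESSIONID"  # assumption: Tomcat's default session cookie name


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attributes).

    Attribute names are lower-cased because they are case-insensitive.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit(scheme, set_cookie_headers, cookie_name=SESSION_COOKIE):
    """Return a finding label for the session cookie of one response."""
    for header in set_cookie_headers:
        name, _, attrs = parse_set_cookie(header)
        if name != cookie_name:
            continue
        secure = "secure" in attrs
        if scheme == "https":
            return "ok" if secure else "missing-secure"
        # Plain HTTP with Secure set: the case the note above warns about.
        return "secure-on-http" if secure else "plaintext-session"
    return "no-session-cookie"


# Constructed sample responses: (scheme, Set-Cookie header values).
SAMPLES = [
    ("https", ["JSESSIONID=0A1B2C3D; Path=/app; Secure; HttpOnly"]),
    ("https", ["theme=dark; Path=/", "JSESSIONID=0A1B2C3D; Path=/app; HttpOnly"]),
    ("http", ["JSESSIONID=0A1B2C3D; Path=/app; Secure; HttpOnly"]),
    ("http", ["JSESSIONID=0A1B2C3D; Path=/app"]),
]

if __name__ == "__main__":
    for scheme, headers in SAMPLES:
        print(f"{scheme:5} {audit(scheme, headers):18} {headers}")
```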
...