The upcoming GlassFish V2.1 release adds support for a new cookie property named "cookieSecure", which may be specified in sun-web.xml, as follows:
<sun-web-app>
<session-config>
<cookie-properties>
<property name="cookieSecure" value="[true|false|dynamic]" />
</cookie-properties>
</session-config>
</sun-web-app>
with the following semantics:
- "true":
Sets the Secure attribute of any JSESSION or JSESSIONIDSSO
cookies associated with the web application to "true"
- "false":
Sets the Secure attribute of any JSESSION or JSESSIONIDSSO
cookies associated with the web application to "false"
- "dynamic":
Has the Secure attribute of any JSESSION or JSESSIONIDSSO
cookie associated with the web application inherit the
security setting of the request that caused the cookie to be
generated
The next release of the Servlet specification (Servlet 3.0) will add a standard mechanism for configuring session tracking cookies that will also cover the above configuration aspect. This is what the link you mentioned:
http://wiki.glassfish.java.net/Wiki.jsp?page=SessionTrackingCookieConfig
is referring to.
Jan
[Message sent by forum member 'jluehe' (jluehe)]
http://forums.java.net/jive/thread.jspa?messageID=273213