Hello,
that's great news, thanks. I've read that GF V2.1 was postponed until fall
this year. Unfortunately I cannot wait until then. Are there any "best
practices" on how one can implement this HTTP/HTTPS switch?
Regards,
Joerg
----- Original Message -----
From: <glassfish_at_javadesktop.org>
To: <users_at_glassfish.dev.java.net>
Sent: Wednesday, May 07, 2008 9:39 PM
Subject: Re: How to shareJSESSIONID Session cookie between HTTP and HTTPS?
> The upcoming GlassFish V2.1 release adds support for a new cookie property
> named "cookieSecure", which may be specified in sun-web.xml, as follows:
>
> <sun-web-app>
> <session-config>
> <cookie-properties>
> <property name="cookieSecure" value="[true|false|dynamic]" />
> </cookie-properties>
> </session-config>
> </sun-web-app>
>
> with the following semantics:
>
> - "true":
> Sets the Secure attribute of any JSESSION or JSESSIONIDSSO
> cookies associated with the web application to "true"
>
> - "false":
> Sets the Secure attribute of any JSESSION or JSESSIONIDSSO
> cookies associated with the web application to "false"
>
> - "dynamic":
> Has the Secure attribute of any JSESSION or JSESSIONIDSSO
> cookie associated with the web application inherit the
> security setting of the request that caused the cookie to be
> generated
>
> The next release of the Servlet specification (Servlet 3.0) will add a
> standard mechanism for configuring session tracking cookies that will also
> cover the above configuration aspect. This is what the link you mentioned:
>
> http://wiki.glassfish.java.net/Wiki.jsp?page=SessionTrackingCookieConfig
>
> is referring to.
>
> Jan
> [Message sent by forum member 'jluehe' (jluehe)]
>
> http://forums.java.net/jive/thread.jspa?messageID=273213
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>