users@glassfish.java.net

FYI: How to fix 'JSESSIONID is not set secure in HTTPS protocol'

From: 真嶌 晋 <susumu.majima_at_mail.rakuten.co.jp>
Date: Tue, 24 Jun 2008 17:49:36 +0900

FYI

Hello,

We have been struggling with a JSESSIONID problem. Finally we found the fix point.

We use Apache and GlassFish, and specify jvmRoute for connecting Apache and the GlassFish instance.
If we use jvmRoute, GlassFish uses the JSESSIONID cookie. We tried to check that the JSESSIONID cookie is secure in the
HTTPS protocol.
But it did not work properly. We found the fix point in the GlassFish source. It's javax.servlet.http.Cookie.OutputBuffer.java
In that source JSESSIONID is set secure if the protocol is secure. We fixed the source code and the problem is gone.

In the method private void addSessionCookieWithJvmRoute() we added the lines below at line 704 of OutputBuffer.java:

        if (req.isSecure()) {
            cookie.setSecure(true);
        }

This is just information for anyone who is struggling with the same problem.

I reported it to the community.
https://glassfish.dev.java.net/issues/show_bug.cgi?id=5200

Regards,

Susumu Majima
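
Added example (not part of the original post and not GlassFish code): a small Python check that can be run over response headers captured from the Apache front end to confirm whether a JSESSIONID cookie sent over HTTPS carries the Secure attribute. The sample headers, the instance1 route suffix and the function names are constructed for illustration.

```python
# Constructed sample: Set-Cookie lines as they would appear in a captured HTTPS response.
SAMPLE_HTTPS_RESPONSE = [
    "Set-Cookie: JSESSIONID=0a1b2c3d4e5f.instance1; Path=/app",
    "Set-Cookie: theme=secure-dark; Path=/secure",
    "Set-Cookie: JSESSIONID=0a1b2c3d4e5f.instance1; Path=/app; secure; HttpOnly",
]


def parse_set_cookie(header_line):
    """Split one Set-Cookie header into (name, value, attributes dict)."""
    _, _, raw = header_line.partition(":")
    parts = [p.strip() for p in raw.split(";") if p.strip()]
    if not parts or "=" not in parts[0]:
        return None
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name.strip(), value, attrs


def insecure_session_cookies(header_lines, scheme, cookie_name="JSESSIONID"):
    """Return session-cookie headers sent over HTTPS without the Secure attribute."""
    findings = []
    if scheme.lower() != "https":
        return findings  # the Secure flag is only expected on HTTPS responses
    for line in header_lines:
        if not line.lower().startswith("set-cookie:"):
            continue
        parsed = parse_set_cookie(line)
        if parsed is None:
            continue
        name, _value, attrs = parsed
        # Match the attribute name itself; "Path=/secure" does not count as Secure.
        if name == cookie_name and "secure" not in attrs:
            findings.append(line)
    return findings


if __name__ == "__main__":
    for line in insecure_session_cookies(SAMPLE_HTTPS_RESPONSE, "https"):
        print("missing Secure:", line)
```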