How to activate secure cookies in Wildfly?

Question

I’m trying to add the secure flag to my cookies for a web app in Wildfly (version 8.2). In the documentation page of the servlet container settings you’ll find that the children of the “servlet-container” are:

jsp
persistent-sessions
session-cookie
websockets

However I only have jsp and websockets. How do I access the session-cookie settings? If I can’t, how to I add the secure flag to my cookies?

UPDATE: I can’t access the web.xml files inside the wars, only wildfly configuration files.

Federico Sierra · Accepted Answer · 2015-07-01T17:11:46.457

Try following command via jboss-cli:

/subsystem=undertow/servlet-container=default/setting=session-cookie:add(http-only=true,secure=true)

or in your standalone.xml:

<servlet-container name="default">
    <session-cookie http-only="true" secure="true"/>
    <jsp-config/>
</servlet-container>

ref: http://wildscribe.github.io/Wildfly/8.2.0.Final/subsystem/undertow/servlet-container/setting/session-cookie/index.html

score 6 · Answer 2 · answered Jul 01 '15 at 14:26

6

One can easily configure the secure flag and it's security cousin http-only flag by adding the following to your web.xml.

    <session-config>
      <cookie-config>
        <http-only>true</http-only>
        <secure>true</secure>
      </cookie-config>
    </session-config>

answered Jul 01 '15 at 14:26

Scott Bennett-McLeish

9,187
11
41
47

2

Also set `COOKIE` to avoid appending to url – ring bearer Jul 01 '15 at 15:27
I have no power over the developer team. – gurghet Jul 01 '15 at 15:34

How to activate secure cookies in Wildfly?

2 Answers2