I'm looking for a solution similar to this: httpOnly Session Cookie + Servlet 3.0 (e.g. Glassfish v3)
I want to turn the HTTP headers: http-only and Secure off so that authentication with https carries across to http requests.
However, 1 Relating to the other post. I am not using servlet 3.0. I may be willing to try to use servlet 3.0 if there was decent documentation somewhere on how to migrate an intellij project from serverl 2.5 to 3.0. It does not seem obvious how to use this. Changing my maven pom to javax.servlet 3.0 and then editing my web.xml version to 3.0 doesn't work. Gives a facet-error on the 3.0 version. Sigh.
- This is my primary approach to solve this. I edited domains/domain1/config for default-web.xml and domain.xml to what I thought would work but it doesn't. Oracle's documentation does not seem very clear to me on this.
domain.xml
<web-container>
<session-config>
<session-manager>
<manager-properties></manager-properties>
<store-properties></store-properties>
</session-manager>
<session-properties>
<property name="cookieSecure" value="false"></property>
<property name="cookieHttpOnly" value="false"></property>
</session-properties>
</session-config>
</web-container>
....
<configs>
<config name="server-config">
<http-service sso-enabled="true">
<access-log></access-log>
<virtual-server id="server" sso-cookie-secure="false" sso-cookie-http-only="false" network-listeners="http-listener-1,http-listener-2"></virtual-server>
<virtual-server id="__asadmin" sso-cookie-http-only="false" network-listeners="admin-listener"></virtual-server>
</http-service>
default-web.xml
<session-config>
<session-timeout>60</session-timeout>
<cookie-config>
<http-only>false</http-only>
<secure>false</secure>
</cookie-config>
<cookie-properties>
<property name="cookieSecure" value="false" />
<property name="cookieHttpOnly" value="false" />
</cookie-properties>
<tracking-mode>COOKIE</tracking-mode>
</session-config>
