To prevent cookies from being sent over a non-secure connection, the Secure cookie attribute needs to be set (RFC 6265).

Warning: This is dependent on UP-4561.

Note: By default this is NOT set to true, to allow demo and test functionality over port 8080 (non-secure).

...

web.xml snippet:

<session-config>
    <cookie-config>
        <http-only>true</http-only>
        <secure>true</secure>
    </cookie-config>
</session-config>

This will be configurable in the environment properties files (i.e. filters/local.properties).

filters/local.properties:

secureSessionCookie=false

Secure Cookies for Portlets

Portlet cookies require a different mechanism due to their dynamic nature. To enable secure cookies for portlets, the following needs to be added to portal.properties.

uportal-war/src/main/resources/properties/portal.properties:

org.jasig.portal.portlet.container.services.PortletCookieServiceImpl.portalCookieAlwaysSecure=true
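
One way to confirm that the web.xml and portal.properties settings above took effect is to inspect the Set-Cookie headers the portal returns. The following is an added example, not uPortal code: the cookie names, values and paths in the samples are constructed, and EXAMPLE_PORTLET_COOKIE is a hypothetical stand-in for the portlet cookie.

```python
def parse_set_cookie(value):
    """Split one Set-Cookie header value into (name, attribute dict).

    Attribute names are matched case-insensitively (RFC 6265 section 5.2),
    so they are lower-cased here; flag attributes such as Secure map to True.
    """
    pair, *attrs = value.split(";")
    name = pair.partition("=")[0].strip()
    if not name:
        raise ValueError(f"Set-Cookie value has no cookie name: {value!r}")
    parsed = {}
    for attr in attrs:
        key, sep, val = attr.partition("=")
        if key.strip():
            parsed[key.strip().lower()] = val.strip() if sep else True
    return name, parsed


def audit(header_values, required=("secure", "httponly")):
    """Return {cookie name: [missing attributes]} for cookies lacking any
    attribute in `required`. The default mirrors the web.xml snippet."""
    findings = {}
    for value in header_values:
        name, attrs = parse_set_cookie(value)
        missing = [flag for flag in required if flag not in attrs]
        if missing:
            findings[name] = missing
    return findings


# Constructed sample headers: a response before and after the change.
SAMPLE_INSECURE = [
    "JSESSIONID=0123456789ABCDEF; Path=/uPortal; HttpOnly",
    "EXAMPLE_PORTLET_COOKIE=abc123; Path=/uPortal; Max-Age=31536000",
]
SAMPLE_SECURE = [
    "JSESSIONID=0123456789ABCDEF; Path=/uPortal; Secure; HttpOnly",
    "EXAMPLE_PORTLET_COOKIE=abc123; Path=/uPortal; secure; HTTPONLY",
]

if __name__ == "__main__":
    for label, sample in (("before", SAMPLE_INSECURE), ("after", SAMPLE_SECURE)):
        print(label, audit(sample) or "all cookies carry Secure and HttpOnly")
    # The portlet setting on this page only concerns Secure:
    print("secure only", audit(SAMPLE_INSECURE, required=("secure",)))
```

Feed it the Set-Cookie values captured from a real response (for example from a browser's network panel) in place of the constructed samples.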

...