Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Current »

To prevent cookies from being sent over a non-secure connection, the Secure cookie attribute will need to be set (RFC6265).

This is NOT configured to true, by default, to allow demo and test functionality over port 8080 (non-secure).

Secure Cookies for uPortal

This feature is managed by the container (i.e. Tomcat) via configuration in web.xml.

web.xml snippet
<session-config>
    <cookie-config>
        <http-only>true</http-only>
        <secure>true</secure>
    </cookie-config>
</session-config>

Secure Cookies for Portlets

Portlet cookies require a different mechanism due to their dynamic nature. To enable secure cookies for portlets, the following needs to be added to portal.properties

uportal-war/src/main/resources/properties/portal.properties
org.jasig.portal.portlet.container.services.PortletCookieServiceImpl.portalCookieAlwaysSecure=true 

 

 

 

  • No labels