Cookies, Tomcat

1. How to enable secure cookies in an application. Include the config below in web.xml at the top level.

  <session-config>
    <cookie-config>
      <http-only>true</http-only>
      <secure>true</secure>
    </cookie-config>
  </session-config>


Once you do that, when you request the server to set secure or HTTP-only cookies, it will set them. Without this config, even if you request the server to set secure or HTTP-only cookies, it won't do it. This is true at least for Tomcat.

2. Some versions of Tomcat remove the trailing "=" in cookies.

To stop Tomcat from removing the trailing "=" signs, start Tomcat with the "-Dorg.apache.tomcat.util.http.ServerCookie.ALLOW_EQUALS_IN_VALUE=true" option.
