Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

Adobe Summit 2023 [19th to 23rd March, Las Vegas and Virtual] | Complete AEM Session & Lab list
See the List & Register

Adding secure and httponly attributes to JSESSIONID cookie

Avatar

Level 2
Level 2
‎09-02-2017 23:00 PST

Hi All,

We have used session from request to store few data. When we access the session, it generates JSESSIONID cookie. But the generated JSESSIONID cookie does not have cookie attributes "secure" and "httponly".

Can anyone please provide me pointers on how to add these flags to the JSESSIONID cookie in AEM.

Thanks in advance,

Amuthesan

Views

2.2K

Replies

3

Sign in to like this content

Total Likes

Translate
Translate
3 Replies

Avatar

Level 2
Level 2
‎12-02-2017 20:14 PST
In response to smacdonald2008

Hi Scott,

Thanks for the reply. 

We are currently offloading the SSL at the dispatcher level and the communication with AEM is non SSL. And also if we enable the SSL for the AEM, all the cookies would be made secure and httponly, we do not want that. We want only the JSESSIONID cookie to be made secure. As we understand the cookie is created and managed by container, Is there any configuration/input that can be made to the container to create the cookie with the secure and httponly.

Thanks,

Amuthesan

Views

1.7K

Replies

1

Sign in to like this content

Total Likes

Translate
Translate