Adding secure and httponly attributes to JSESSIONID cookie

Amuthesan

09-02-2017

Hi All,

We have used the session from the request to store some data. When we access the session, it generates a JSESSIONID cookie. But the generated JSESSIONID cookie does not have the cookie attributes "secure" and "httponly".

Can anyone please provide me pointers on how to add these flags to the JSESSIONID cookie in AEM?

Thanks in advance,

Amuthesan

Replies

smacdonald2008

10-02-2017

Amuthesan

12-02-2017

Hi Scott,

Thanks for the reply.

We are currently offloading SSL at the dispatcher level, and the communication with AEM is non-SSL. Also, if we enable SSL for AEM, all the cookies would be made secure and httponly; we do not want that. We want only the JSESSIONID cookie to be made secure. As we understand it, the cookie is created and managed by the container. Is there any configuration/input that can be given to the container to create the cookie with secure and httponly?

Thanks,

Amuthesan
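
One way to meet the requirement in the post above, added here as an example and not taken from any reply in this thread: rewrite only the JSESSIONID `Set-Cookie` header at the tier that terminates TLS. It assumes the dispatcher runs inside Apache httpd 2.4 with mod_headers loaded, which the thread does not state.

```apache
# Place inside the HTTPS virtual host that fronts AEM (the TLS-terminating
# dispatcher tier). Assumption: Apache httpd 2.4 with mod_headers loaded.
#
# "Header edit" is applied to each Set-Cookie header separately, so only the
# header whose value starts with "JSESSIONID=" is rewritten; every other
# cookie passes through unchanged.
#
# The (?:(?!...).)* part matches the rest of the header only when the
# attribute is not already present, so the rule never appends a flag twice
# if AEM is later configured to emit the flag itself.

# Append HttpOnly when missing: page scripts can no longer read the session id.
Header edit Set-Cookie "^(JSESSIONID=(?:(?!; *(?i:HttpOnly)).)*)$" "$1; HttpOnly"

# Append Secure when missing: the browser only returns the cookie over HTTPS.
Header edit Set-Cookie "^(JSESSIONID=(?:(?!; *(?i:Secure)).)*)$" "$1; Secure"
```

The Secure attribute only controls when the browser sends the cookie, so with HTTPS between browser and dispatcher the session id still reaches AEM over the internal non-SSL hop. Check the result by inspecting the `Set-Cookie` response headers on the public HTTPS URL and confirming that JSESSIONID carries both attributes while other cookies are unchanged.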

Shaheena_Sheikh

23-02-2021

Did you find a solution to this?