This week's book giveaway is in the OO, Patterns, UML and Refactoring forum.
We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line!
See this thread for details.
The moose likes Servlets and the fly likes Non-secure Cookie Used Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

JavaRanch » Java Forums » Java » Servlets
Bookmark "Non-secure Cookie Used" Watch "Non-secure Cookie Used" New topic

Non-secure Cookie Used

Prasanth S Pillai
Ranch Hand

Joined: Oct 28, 2009
Posts: 39
Please advise how to set a secure flag for cookies? I see lots of options in google. I have a j2ee application with apache web server & weblogic.

Where I need to do a change in order to see

Set-Cookie: var=value; httpOnly; secure

I assume it would be a webserver setting but dont know where.
Bear Bibeault
Author and ninkuma

Joined: Jan 10, 2002
Posts: 63208

Have you looked at the JavaDoc for the Cookie class?

[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Prasanth S Pillai
Ranch Hand

Joined: Oct 28, 2009
Posts: 39
The website -
says to use the <cookie-secure > tag in weblogic.xml to make cookie secure.
I tried it, but does not seem to be working.

has anyone tried this option? or any other working solution?
I’ve looked at a lot of different solutions, and in my humble opinion Aspose is the way to go. Here’s the link:
subject: Non-secure Cookie Used
It's not a secret anymore!