2016/08/01

Cookie config in servlet web app

I want to change the session cookie name and make it Secure and HttpOnly. So, apparently this should be done via the web.xml file.
Based on Servlet Programming techniques - cookie-config (Japanese), I edited the src/main/webapp/WEB-INF/web.xml file:
<web-app version="3.1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">

    <session-config>
        <cookie-config>
            <name>SASSESSION</name>
            <http-only>true</http-only>
            <secure>true</secure>
        </cookie-config>
    </session-config>

</web-app>
Now we have a customized session cookie:
curl -D - -o /dev/null http://localhost:9080/MyContext
...
X-Powered-By: Servlet/3.1
...
Set-Cookie: SASSESSION=0000GEg4qyTVnFKTdrdFjUC8eK0:5e81c98f-2566-49b3-9d72-b0efc4489ff8; Path=/; Secure; HttpOnly
...
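
To turn the manual curl check above into something a deployment test can run, here is an added example (not part of the original post): a shell function that reads the response headers and reports whether the named session cookie carries both flags. The function name `check_session_cookie` and its exit codes are assumptions made for this example.

```shell
#!/bin/sh
# check_session_cookie NAME  (hypothetical helper, not from the original post)
# Reads HTTP response headers on stdin and inspects NAME's Set-Cookie header.
# Exit 0: Secure and HttpOnly both present; 1: a flag is missing;
# 2: the cookie is not set at all (e.g. the name in web.xml was not applied).
#
# Usage against the URL from the post:
#   curl -s -D - -o /dev/null http://localhost:9080/MyContext | check_session_cookie SASSESSION
check_session_cookie() {
    awk -v want="$1" '
    BEGIN { status = 2 }
    {
        sub(/\r$/, "")                        # header dumps keep CRLF line endings
        if (tolower($0) !~ /^set-cookie:/) next   # header names are case-insensitive
        line = $0
        sub(/^[^:]*:[ \t]*/, "", line)        # drop the header name
        n = split(line, part, /;/)            # part[1] is name=value, the rest are attributes
        eq = index(part[1], "=")
        if (eq == 0 || substr(part[1], 1, eq - 1) != want) next   # cookie names are case-sensitive
        secure = 0; httponly = 0
        for (i = 2; i <= n; i++) {            # start at 2 so the cookie value is never matched
            attr = tolower(part[i])
            gsub(/^[ \t]+|[ \t]+$/, "", attr)
            if (attr == "secure")   secure = 1
            if (attr == "httponly") httponly = 1
        }
        status = 0
        if (!secure)   { print want ": missing Secure";   status = 1 }
        if (!httponly) { print want ": missing HttpOnly"; status = 1 }
        exit                                  # jump to END with the verdict
    }
    END {
        if (status == 2) print want ": no Set-Cookie header found"
        exit status
    }'
}
```
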
