Control HTTPOnly and secure attribute of JSESSIONID

Description

Currently, the `JSESSIONID` is automatically sent to the browser, but it is sent as `HTTPOnly = false`. Please provide an argument to enable `HTTPOnly = true` for the `JSESSIONID` as well as disabling the cookie being set entirely.

Linked GitHub issue: https://github.com/cfmlprojects/runwar/issues/100

Activity

Brad Wood April 8, 2018 at 5:16 AM

`app.sessionCookieSecure`
`app.sessionCookieHTTPOnly`

Fixed
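
A check for the cookie attributes this ticket is about, as an added example that is not part of the original ticket or the project's code: it audits `Set-Cookie` header values for the `HttpOnly` and `Secure` flags on `JSESSIONID`. The function names and the sample header values are assumptions constructed for illustration.

```python
# Added example: audit Set-Cookie header values for the JSESSIONID flags.
SESSION_COOKIE = "JSESSIONID"

# Constructed sample headers (not captured from a real server).
BEFORE = ["JSESSIONID=abc123; Path=/", "theme=dark; Path=/"]
AFTER = ["JSESSIONID=abc123; Path=/; Secure; HttpOnly", "theme=dark; Path=/"]
NO_SESSION_COOKIE = ["theme=dark; Path=/"]


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive (HttpOnly, httponly, ...).
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_session_cookie(set_cookie_headers, over_https=True):
    """Return findings for JSESSIONID; an empty list means nothing to report.

    A response that sets no JSESSIONID yields no findings, which covers
    the "cookie not set at all" case requested in the ticket.
    """
    findings = []
    for raw in set_cookie_headers:
        name, _, attrs = parse_set_cookie(raw)
        if name != SESSION_COOKIE:
            continue
        if "httponly" not in attrs:
            findings.append("JSESSIONID missing HttpOnly")
        if over_https and "secure" not in attrs:
            findings.append("JSESSIONID missing Secure")
    return findings


if __name__ == "__main__":
    for label, headers in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_session_cookie(headers))
```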

Created December 5, 2017 at 2:34 AM
Updated April 8, 2018 at 5:17 AM
Resolved April 8, 2018 at 5:17 AM