0 Replies Latest reply on Dec 11, 2014 4:37 PM by NathanielElliott

    How: Securing the Cookie - JSESSIONID

    NathanielElliott

      Just thought I would pass this information out. After we did a vulnerability test on a system we noticed the following:

      1. Log in to Jive
      2. Look at the Cookies


      Note: JSESSIONID cookie has secure flag set to "no".


      So, thanks to Ben Dukleth, we learned how to make this update:


      Edit - web.xml

           <session-config>
             <cookie-config>
               <http-only>true</http-only>
               <secure>true</secure>
             </cookie-config>
           </session-config>


      Hope this helps others!
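
One way to check a web.xml for the two settings described in the post above. This is an added example, not part of the original post or of Jive's own code; the sample descriptors, the namespace in them and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptors (assumptions, not taken from the post).
WEAK_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <session-config>
    <session-timeout>30</session-timeout>
  </session-config>
</web-app>"""

HARDENED_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <session-config>
    <cookie-config>
      <http-only>true</http-only>
      <secure>true</secure>
    </cookie-config>
  </session-config>
</web-app>"""

REQUIRED_FLAGS = ("http-only", "secure")


def find_child(parent, name):
    """First direct child whose tag, minus any '{namespace}' prefix, is name."""
    return next((c for c in parent if c.tag.rsplit("}", 1)[-1] == name), None)


def audit_session_cookie(web_xml_text):
    """Return a list of findings; an empty list means both flags are 'true'."""
    node = ET.fromstring(web_xml_text)
    # Walk web-app -> session-config -> cookie-config, reporting the first gap.
    for name in ("session-config", "cookie-config"):
        node = find_child(node, name)
        if node is None:
            return [f"<{name}> missing: {flag} not set" for flag in REQUIRED_FLAGS]
    findings = []
    for flag in REQUIRED_FLAGS:
        elem = find_child(node, flag)
        value = (elem.text or "").strip().lower() if elem is not None else None
        if value != "true":
            findings.append(f"<{flag}> is {value!r}, expected 'true'")
    return findings


if __name__ == "__main__":
    for label, doc in (("weak", WEAK_WEB_XML), ("hardened", HARDENED_WEB_XML)):
        print(label, audit_session_cookie(doc) or "OK")
```

After redeploying, the `Set-Cookie` response header for JSESSIONID should carry both the `Secure` and `HttpOnly` attributes.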