Just thought I would pass this information out. After we did a vulnerability test on a system we noticed the following:
Note: JSESSIONID cookie has secure flag set to "no".
So, thanks to Ben Dukleth, we learned how to make this update:
Edit - web.xml
Hope this helps others!
Retrieving data ...