0 Replies Latest reply on Dec 11, 2014 4:37 PM by NathanielElliott

    How: Securing the Cookie - JSESSIONID


      Just thought I would pass this information out. After we did a vulnerability test on a system we noticed the following:

      1. Login to the Jive
      2. Look at the Cookies

      Note: JSESSIONID cookie has secure flag set to "no".

      So, thanks to Ben Dukleth, we learned how to make this update:

      Edit - web.xml







      Hope this helps others!