1 Reply Latest reply: Aug 6, 2014 7:48 AM by Faisal Khan RSS

    Cookie secure is not being created

    287e1579-d5da-4999-ae7c-fc3361fc3429

      Hi,

       

      I want to secure my cookie, so I set the following configuration on my weblogic.xml:


      <wls:session-descriptor>

           <wls:persistent-store-type>replicated_if_clustered</wls:persistent-store-type>

           <wls:cookie-http-only>true</wls:cookie-http-only>

           <wls:cookie-secure>true</wls:cookie-secure>

           <wls:url-rewriting-enabled>false</wls:url-rewriting-enabled>

      </wls:session-descriptor>

       

      The problem is the jsessionid cookie is not secured and there is no other cookie (secure or non secure) being created.

       

      I have read that when cookie-secure is set to true, weblogic creates a https connection, but in my case it remains over http.

       

      Thanks in advance.