Forums

Home » Liferay Portal » English » 3. Development

Combination View Flat View Tree View
Threads [ Previous | Next ]
toggle
Alireza Zare
Setting HttpOnly and secure cookie flags in Liferay?
October 4, 2012 12:18 AM
Answer

Alireza Zare

Rank: Regular Member

Posts: 110

Join Date: September 3, 2010

Recent Posts

Does anyone know how to set HttpOnly and secure cookie flas in Liferay?
Alireza Zare
RE: Setting HttpOnly and secure cookie flags in Liferay?
October 4, 2012 1:30 AM
Answer

Alireza Zare

Rank: Regular Member

Posts: 110

Join Date: September 3, 2010

Recent Posts

Can anyone confirm that one of the following methods will work for Liferay:

a. The httpOnly functionality can be enabled for all webapps in conf/context.xml:

<Context useHttpOnly="true">
...
</Context>

b. Writing a servlet filter to overwrite the session cookie:

private void rewriteCookieToHeader(HttpServletRequest request, HttpServletResponse response) {
if (response.containsHeader("SET-COOKIE")) {
String sessionid = request.getSession().getId();
String contextPath = request.getContextPath();
String secure = "";
if (request.isSecure()) {
secure = "; Secure";
}
response.setHeader("SET-COOKIE", "JSESSIONID=" + sessionid
+ "; Path=" + contextPath + "; HttpOnly" + secure);
}
}
Jason Roscoe
RE: Setting HttpOnly and secure cookie flags in Liferay?
November 20, 2012 6:37 AM
Answer

Jason Roscoe

Rank: Junior Member

Posts: 76

Join Date: October 23, 2008

Recent Posts

I believe that will work for the JSESSIONID cookie, but how would we use this for ALL cookies that Liferay sets once a user logs in, like COMPANY_ID, ID, PASSWORD, REMEMBER_ME, LOGIN, SCREEN_NAME?

Thanks.
Sushil Saini
RE: Setting HttpOnly and secure cookie flags in Liferay?
November 21, 2012 9:26 PM
Answer

Sushil Saini

Rank: Regular Member

Posts: 104

Join Date: July 27, 2011

Recent Posts

Hi Alireza,

I am using the option (a) to make the jsession id httpOnly it works fine. Didn't tried option 2.

Cheers
Sushil Saini
Arun Pandian
RE: Setting HttpOnly and secure cookie flags in Liferay?
July 14, 2015 2:20 AM
Answer

Arun Pandian

Rank: New Member

Posts: 3

Join Date: June 17, 2015

Recent Posts

Where should i find the context.xml file..