[Master] Securing cookies in JBoss middleware products and F5 BigIP

Solution Verified - Updated -

Issue

  • Cookies generated by JBoss are not setting the HttpOnly flag. Does JBoss intend to adopt this standard?
  • How can I enable the HttpOnly and/or Secure flags on my session cookies with EAP?
  • How can I enable the HttpOnly and/or Secure flags on my session cookies with Tomcat?
  • Can we set HttpOnly and/or Secure flags in HTTPD?
  • Is it possible to configure the SameSite flag on JSESSIONID cookies for EAP?

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
  • Red Hat JBoss Core Services
  • Red Hat Enterprise Linux
  • Red Hat Software Collections
  • Red Hat JBoss Web Server (JWS)
  • Apache Web Server (HTTPD)
  • Apache Tomcat
  • F5 BigIP Hardware Load Balancer
