[Master] Securing cookies in JBoss middleware products and F5 BigIP
Issue
- Cookies generated by JBoss are not setting the httpOnly flag, does JBoss intend to adopt this standard?
- How can I enable the HttpOnly and/or Secure flags on my session cookies with EAP?
- How can I enable the HttpOnly and/or Secure flags on my session cookies with Tomcat?
- Can we set HttpOnly and/or Secure flags in HTTPD?
- Is it possible to configure the SameSite flag on JSESSIONID cookies for EAP?
Environment
- Red Hat JBoss Enterprise Application Platform (EAP)
- Red Hat JBoss Core Services
- Red Hat Enterprise Linux
- Red Hat Software Collections
- Red Hat JBoss Web Server (JWS)
- Apache Web Server (HTTPD)
- Apache Tomcat
- F5 BigIP Hardware Load Balancer