How to enable the secure attribute for the csfcfc cookie on EAP 7

Solution Verified - Updated -

Environment

  • Red Hat JBoss Enterprise Application Platform
    • 7.1.x

Issue

  • After configuring the secure attribute in web.xml, I confirmed JSESSIONID is secured but csfcfc is not changed.
  • Which component uses csfcfc cookie on EAP?

Resolution

  • To make the csfcfc cookie secure, add secure="true" to the http-listener in the undertow subsystem.
 :
<subsystem xmlns="urn:jboss:domain:undertow:7.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other">
  <buffer-cache name="default"/>
  <server name="default-server">
    <http-listener name="default" socket-binding="http" secure="true" redirect-socket="https" enable-http2="true"/>
 :

Root Cause

  • The csfcfc cookie is used in the JSF module (ELFlash class), so to make it secure, the http-listener must be configured as well.
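
To confirm the change took effect, check the Set-Cookie headers of a response for the Secure attribute on both JSESSIONID and csfcfc. The following Python check is an added example, not part of the original solution; the function names are hypothetical and the header values are constructed samples.

```python
# Added example: audit Set-Cookie headers for the Secure attribute.
# All header values below are constructed, not captured from a real EAP server.

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive, so normalise them.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def cookies_missing_secure(set_cookie_headers, watched=("JSESSIONID", "csfcfc")):
    """Return the watched cookie names that were set without Secure."""
    missing = []
    for header in set_cookie_headers:
        name, _, attrs = parse_set_cookie(header)
        # Match on the attribute name only: a path such as /secure-app
        # must not be mistaken for the Secure flag.
        if name in watched and "secure" not in attrs and name not in missing:
            missing.append(name)
    return missing


# Constructed sample: secure set in web.xml only (the state described under Issue).
WEB_XML_ONLY = [
    "JSESSIONID=constructed-session-id; path=/secure-app; secure; HttpOnly",
    "csfcfc=constructed-flash-value; path=/secure-app",
]

# Constructed sample: secure="true" also set on the http-listener.
WITH_LISTENER_SECURE = [
    "JSESSIONID=constructed-session-id; path=/secure-app; secure; HttpOnly",
    "csfcfc=constructed-flash-value; path=/secure-app; Secure",
]

if __name__ == "__main__":
    print("web.xml only:        ", cookies_missing_secure(WEB_XML_ONLY))
    print("with listener secure:", cookies_missing_secure(WITH_LISTENER_SECURE))
```

Against a running server, pass each Set-Cookie header value of one response as a separate list element.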
