Skip to content
Snippets Groups Projects
Commit 29437a25 authored by felmer's avatar felmer
Browse files

SSDM-6285: also for DSS: setting for all cookies httpOnly=true and secure=true

parent 842e7767
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/DataStoreServer.java
+ 2
0
View file @ 29437a25
...@@ -251,6 +251,8 @@ public class DataStoreServer ...@@ -251,6 +251,8 @@ public class DataStoreServer
ServiceProvider.getApplicationContext()); ServiceProvider.getApplicationContext());
// Disable URL rewriting (forces container to stop appending ";jsessionid=xxx" to urls) // Disable URL rewriting (forces container to stop appending ";jsessionid=xxx" to urls)
// to avoid mistakes in URL parsing by download servlets // to avoid mistakes in URL parsing by download servlets
servletContextHandler.getSessionHandler().getSessionCookieConfig().setHttpOnly(true);
servletContextHandler.getSessionHandler().getSessionCookieConfig().setSecure(true);
servletContextHandler.getSessionHandler() servletContextHandler.getSessionHandler()
.setSessionIdPathParameterName(null); .setSessionIdPathParameterName(null);
String applicationName = "/" + DATA_STORE_SERVER_WEB_APPLICATION_NAME; String applicationName = "/" + DATA_STORE_SERVER_WEB_APPLICATION_NAME;
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment