Secure flag missing

Document ID : KB000010453
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

Secure flag is missing on session cookie

Instructions:

1. Service apiportal stop

2. Edit the file server/conf/server.xml


Add secure="true" attribute to <Connector port="37080">


Example:
<Connector port="37080" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="50443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true"
compression="on"
compressableMimeType="text/plain,text/html,text/xml,text/css,text/javascript,application/x-javascript,application/javascript"
secure="true"
/>


useHttpOnly="true" is safe to use for all installations while secure="true" should only be used if the SSL is being used exclusively.

3. Service apiportal start