It's all about the answers!

Ask a question

How to add the 'Secure' attribute to all sensitive cookies in apache tomcat to fix Missing Secure Attribute in Encrypted Session (SSL) Cookie


Sajjad Ali Khan (311951) | asked Sep 15 '15, 5:18 a.m.
Hi All,

Can anyone please help me to add the 'Secure' attribute to all sensitive cookies in apache tomcat to fix "Missing Secure Attribute in Encrypted Session (SSL) Cookie" vulnerability of tomcat 7.0.64

Regards,
Sajjad.

One answer



permanent link
Kevin Ramer (4.5k6167186) | answered Sep 15 '15, 2:26 p.m.
There are tons of discussions on this in the wild-wild web.   Most speak to configuration changes on the server.  

http://support.filecatalyst.com/index.php?/Knowledgebase/Article/View/209/0/securing-session-cookies-in-tomcat-with--httponly-and-securetrue

Is one such discussion.

Comments
Sajjad Ali Khan commented Sep 17 '15, 2:52 a.m.

Kevin Ramer
thanks dear for the reply but i have tried to do what is mentioned in your provided link,

still the same vulnerability in my scan report

Your answer


Register or to post your answer.