Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

How to add the 'Secure' attribute to all sensitive cookies in apache tomcat to fix Missing Secure Attribute in Encrypted Session (SSL) Cookie

Hi All,

Can anyone please help me to add the 'Secure' attribute to all sensitive cookies in apache tomcat to fix "Missing Secure Attribute in Encrypted Session (SSL) Cookie" vulnerability of tomcat 7.0.64

Regards,
Sajjad.

0 votes



One answer

Permanent link
There are tons of discussions on this in the wild-wild web.   Most speak to configuration changes on the server.  

http://support.filecatalyst.com/index.php?/Knowledgebase/Article/View/209/0/securing-session-cookies-in-tomcat-with--httponly-and-securetrue

Is one such discussion.

0 votes

Comments

Kevin Ramer
thanks dear for the reply but i have tried to do what is mentioned in your provided link,

still the same vulnerability in my scan report

Your answer

Register or log in to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.

Search context
Follow this question

By Email: 

Once you sign in you will be able to subscribe for any updates here.

By RSS:

Answers
Answers and Comments
Question details
× 12,017
× 7,491
× 1,699

Question asked: Sep 15 '15, 5:18 a.m.

Question was seen: 7,873 times

Last updated: Sep 17 '15, 2:52 a.m.

Confirmation Cancel Confirm