How to add the 'Secure' attribute to all sensitive cookies in apache tomcat to fix Missing Secure Attribute in Encrypted Session (SSL) Cookie
One answer
There are tons of discussions on this in the wild-wild web. Most speak to configuration changes on the server.
http://support.filecatalyst.com/index.php?/Knowledgebase/Article/View/209/0/securing-session-cookies-in-tomcat-with--httponly-and-securetrue
Is one such discussion.
http://support.filecatalyst.com/index.php?/Knowledgebase/Article/View/209/0/securing-session-cookies-in-tomcat-with--httponly-and-securetrue
Is one such discussion.
Comments
Kevin Ramer
thanks dear for the reply but i have tried to do what is mentioned in your provided link,
still the same vulnerability in my scan report