I know we can do something like this:
<session-config>
<cookie-config>
<secure>true</secure>
</cookie-config>
</session-config>
But what I want to achieve is to set this flag (true or false) based on some config.
Should we use a filter and how ?
Thanks
Assuming that you are in a servlet 3.0+ environment, and you don't want to use web.xml
to specify the cookie-secure-flag but set it programmatically:
Implement a ServletContextListener and register it in the web.xml
or via annotation.
In its contextInitialized
method evaluate your secure flag from your config and set it on the SessionCookieConfig
:
public void contextInitialized(ServletContextEvent sce) {
boolean secure = ...
sce.getServletContext().getSessionCookieConfig().setSecure(secure);
}