Setting Secure cookies when HTTPS (for mixed HTTPS

2019-05-22 05:06发布

问题:

We have a site running on CF7 that has both logged in and logged out sections, and uses jsessionid for sessions.

When switching to HTTPS (for the secure sections), we need to start a new secure session, setting the 'Secure' flag on the jsessionid cookie.

Whilst JRun has an option for setting 'Secure' it appears to be an all-or-nothing deal.

Is there a way to always use Secure when in HTTPS mode?


Related Question: Setting HttpOnly flag for all cookies.

回答1:

This explanation seems quite thorough. For some reason, it is not trivial.

12robots.com Making the JSESSIONID Session Token Cookie SECURE and HTTPOnly and settings its PATH