I know we can do something like this:
<session-config>
<cookie-config>
<secure>true</secure>
</cookie-config>
</session-config>
But what I want to achieve is to set this flag (true or false) based on some config.
Should we use a filter and how ?
Thanks
Assuming that you are in a servlet 3.0+ environment, and you don't want to use
web.xml
to specify the cookie-secure-flag but set it programmatically:Implement a ServletContextListener and register it in the
web.xml
or via annotation.In its
contextInitialized
method evaluate your secure flag from your config and set it on theSessionCookieConfig
: