abhishek vashistha
Reputation: 91
how to set cookies as secure flag in spring boot
I am working on spring boot and completely unaware how it's work . while authenticating the login JSESSIONID is created as cookie . Login code is as below
protected void configure(HttpSecurity http) throws Exception {
http
.formLogin()
.loginProcessingUrl("/authenticate")
.usernameParameter("username")
.passwordParameter("password")
.loginPage("/")
.permitAll()
.and()
.logout()
.permitAll()
.and()
.authorizeRequests()
.antMatchers("/index.html", "/home.html", "/login.html", "/app/**", "/js/**", "/css/**", "/fonts/**", "/favicon.ico", "/").permitAll().anyRequest()
.authenticated().and().csrf()
.csrfTokenRepository(csrfTokenRepository()).and()
.addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
}
How to make the cookie have secure flag
Upvotes: 6
Views: 29759
Answers (2)
diginoise
Reputation: 7620
In application.properties set the following property:
server.servlet.session.cookie.secure=true
... or in older versions (before ~2018):
server.session.cookie.secure=true
Upvotes: 16
RivanMota
Reputation: 804
Property 'server.session.cookie.secure' is Deprecated:
Use 'server.servlet.session.cookie.secure' instead.
In the application.properties put it:
server.servlet.session.cookie.secure=true
Upvotes: 10
Related Questions
- How to make spring boot never issue session cookie?
- Add secure flag to JSESSIONID cookie in spring automatically
- How to do basic authentication using cookies in spring security?
- Authentication using cookies in spring boot
- Set cookie in every request - SPRING
- Spring boot: How to set & read cookie
- SetSecure to true for a Cookie
- How to set secure flag on cookie programatically
- Add a cookie during the Spring Security login
- Setting a cookie upon login in Spring Security 3.0