Secure cookie in JAVA


padmapraveen_vasili

Hi all, this was traced out by our senior engineers. They have identified that the login pages /service/jsp/index.jsp and /ourproj/controller are sending the JSESSIONID the secure attribute. If the secure attribute is not specified, a cookie is considered safe to be sent in the clear over unsecured channels, which can occur when traffic is traveling over multiple gateways. If the cookies are sent in the clear, they can be intercepted and used by an attacker to directly access a user session. How can I make up this issue to make my application secure to use? They recommend that any cookie of the website which handles privileged functionality, such as authentication items, is sent using the secure attribute.
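One way to apply the recommendation described in the post above, as an added example that is not part of the original post or of the poster's application: it assumes a Servlet 3.0+ container and the `javax.servlet` API, and the class names `SecureCookieSetup` and `SecureCookieFilter` and the filter name `secureCookies` are hypothetical.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.annotation.WebListener;
import javax.servlet.http.*;

// Hypothetical class name; assumes a Servlet 3.0+ container (javax.servlet API).
@WebListener
public class SecureCookieSetup implements ServletContextListener {

    @Override
    public void contextInitialized(ServletContextEvent sce) {
        ServletContext ctx = sce.getServletContext();
        // Container-issued session cookie (JSESSIONID): HTTPS only, hidden from scripts.
        SessionCookieConfig cfg = ctx.getSessionCookieConfig();
        cfg.setSecure(true);
        cfg.setHttpOnly(true);
        // Cookies the application adds itself get the Secure flag through a filter.
        ctx.addFilter("secureCookies", new SecureCookieFilter())
           .addMappingForUrlPatterns(null, false, "/*");
    }

    @Override
    public void contextDestroyed(ServletContextEvent sce) { }

    static class SecureCookieFilter implements Filter {
        @Override public void init(FilterConfig fc) { }
        @Override public void destroy() { }

        @Override
        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
                throws IOException, ServletException {
            HttpServletResponse http = (HttpServletResponse) res;
            // Wrap the response so every cookie added downstream is marked Secure.
            chain.doFilter(req, new HttpServletResponseWrapper(http) {
                @Override
                public void addCookie(Cookie c) {
                    c.setSecure(true);
                    super.addCookie(c);
                }
            });
        }
    }
}
```

A browser will not return a Secure cookie over plain HTTP, so the login pages have to be served over HTTPS for the session to persist once this is in place.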


This is the javascript section. The W3S forum currently does not have a JSP section, so unless someone happens to look at this topic, I suggest you go to another forum and ask. :)
