SESSION_COOKIE

The SESSION_COOKIE element specifies that cookies the GAS uses to validate the session are created with the secure flag.

The main goal of cookies is to keep a state, using session variables, between two runs of an application by the same user. With the SESSION_COOKIE element you can specify that Genero session identifier cookies, as well as cookies created by Sticky Web services (see Configure sticky Web services), are created with the secure flag.

Syntax

<SESSION_COOKIE Secure={"TRUE|FALSE"}></SESSION_COOKIE>

Syntax notes

The SESSION_COOKIE element takes a mandatory Secure attribute. When set to TRUE, the cookie is restricted to secured connections (HTTPS) only. Valid values are TRUE or FALSE. The default is FALSE.

Example secure session cookie

<INTERFACE_TO_CONNECTOR>
  ...
  <HTTP>
     <SESSION_COOKIE Secure="TRUE"> </SESSION_COOKIE>
     ...
  </HTTP>
</INTERFACE_TO_CONNECTOR>

Secure session cookie in web-xml

Note: If using a Java Enterprise Edition (Java EE) server, the secure flag needs to be configured in the web.xml file as shown in the example:

<web-app>
  ...
  <session-config>
    <cookie-config> 
      <secure>true</secure>
    </cookie-config>
  </session-config>
</web-app>

Child elements

There are no child elements.

Parent elements

This element is a child of the HTTP element.