SESSION_COOKIE

The SESSION_COOKIE element specifies that cookies the JGAS uses to validate the session are created with the secure flag.

Syntax

<SESSION_COOKIE Secure={"TRUE"|"FALSE"} [ SameSite={"STRICT|LAX|NONE"} ]></SESSION_COOKIE>

The SESSION_COOKIE element takes a mandatory Secure attribute and an optional SameSite attribute.

Example secure session cookie

<INTERFACE>
  ...
  <HTTP>
    <SESSION_COOKIE  SameSite="None" Secure="TRUE" > </SESSION_COOKIE>
     ...
  </HTTP>
</INTERFACE>

Secure session cookie in web-xml

Note: If using a Java Enterprise Edition (J2EE) server, the secure flag needs to be configured in the web.xml file as shown in the example:
<web-app>
  ...
  <session-config>
    <cookie-config> 
      <secure>true</secure>
    </cookie-config>
  </session-config>
</web-app>

Parent elements

This element is a child of the HTTP element.