Coldfusion 9.0.1 Secure JSESSIONID Cookie

by Christopher Kaukis

We are running a couple of Coldfusion 9.0.1 servers with all the latest hotfixes and updates. We also needed secure cookies for these particular servers, and we are using JSESSIONID instead of the CFID and CFTOKEN cookies. However, the JSESSIONID cookie was not secure by default, and setting it as such isn’t as obvious as it is for the other two.

Everything I read said to update the runtime/bin/jvm.config file with the following option:

-Dcoldfusion.sessioncookie.httponly=true

However, when I restarted Coldfusion, that did not seem to do anything. Hmm… Then I found this: http://livedocs.adobe.com/jrun/4/Programmers_Guide/techniques_servlet13.htm#1154030

and added the following to wwwroot/WEB-INF/jrun-web.xml immediately after the persistence-config inside the session-config tags:

true

Restarted Coldfusion, again… Success! Our JSESSIONID cookie is now secure.
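
A check for the result described above, added here as an example and not part of the original post: it parses Set-Cookie response headers and reports which of the Secure and HttpOnly attributes the JSESSIONID cookie is missing. The header values are constructed samples and the function names are hypothetical.

```python
# Added example (not from the original post): audit the JSESSIONID cookie's
# Secure and HttpOnly attributes in a list of HTTP response headers.

def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, {lowercased attribute: value})."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def missing_flags(headers, cookie_name="JSESSIONID"):
    """Return the missing flags for cookie_name, or None if it is never set.

    headers is a list of (header-name, header-value) tuples. Only attributes
    after the first ';' count, so a cookie *value* containing the word
    "secure" is not mistaken for the Secure attribute.
    """
    result = None
    for header, value in headers:
        if header.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if name.lower() != cookie_name.lower():
            continue
        missing = [flag for flag in ("Secure", "HttpOnly")
                   if flag.lower() not in attrs]
        # If the cookie is set more than once, report the union of the gaps.
        result = sorted(set(result or []) | set(missing))
    return result


# Constructed sample responses (the session ids are made up).
BEFORE = [("Content-Type", "text/html"),
          ("Set-Cookie", "JSESSIONID=8430secure51c2; path=/")]
HTTPONLY_ONLY = [("Set-Cookie", "JSESSIONID=8430secure51c2; path=/; HttpOnly")]
AFTER = [("Set-Cookie", "JSESSIONID=8430secure51c2; path=/; Secure; HttpOnly")]

if __name__ == "__main__":
    for label, hdrs in (("before", BEFORE), ("httponly only", HTTPONLY_ONLY),
                        ("after", AFTER)):
        print(label, "-> missing:", missing_flags(hdrs))
```

Feed it the headers captured from an HTTPS response after each restart; an empty list means both attributes are present on the session cookie.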
