当使用JRun / ColdFusion时设置HTTPS(用于混合HTTPS / HTTP站点)时设置安全cookie
我们有一个运行在CF7上的网站,该网站同时登录和注销部分,并使用jsessionid进行会话。
We have a site running on CF7 that has both logged in and logged out sections, and uses jsessionid for sessions.
切换到HTTPS时),我们需要开始一个新的安全会话,在jsessionid cookie上设置'安全'标志。
When switching to HTTPS (for the secure sections), we need to start a new secure session, setting the 'Secure' flag on the jsessionid cookie.
JRun有一个选项设置'安全'
Whilst JRun has an option for setting 'Secure' it appears to be an all-or-nothing deal.
在HTTPS模式下,是否有办法始终使用安全?
Is there a way to always use Secure when in HTTPS mode?
相关问题:将HttpOnly标记设置为所有Cookie 。
出于某种原因,这不是微不足道的。
This explanation seems quite thorough. For some reason, it is not trivial.
12robots.com 使JSESSIONID会话令牌Cookie SECURE和HTTPOnly并设置其PATH
12robots.com Making the JSESSIONID Session Token Cookie SECURE and HTTPOnly and settings its PATH