问题
We have a site running on CF7 that has both logged in and logged out sections, and uses jsessionid for sessions.
When switching to HTTPS (for the secure sections), we need to start a new secure session, setting the 'Secure' flag on the jsessionid cookie.
Whilst JRun has an option for setting 'Secure' it appears to be an all-or-nothing deal.
Is there a way to always use Secure when in HTTPS mode?
Related Question: Setting HttpOnly flag for all cookies.
回答1:
This explanation seems quite thorough. For some reason, it is not trivial.
12robots.com Making the JSESSIONID Session Token Cookie SECURE and HTTPOnly and settings its PATH
来源:https://stackoverflow.com/questions/1048439/setting-secure-cookies-when-https-for-mixed-https-http-site-with-jrun-coldfusi