How to protect jsessionid cookie in tomcat 7 using environment variables

This is another JSESSIONID cookie security issue in Tomcat 7.

I use a cloud server where we do not have access to Tomcat's server.xml, but we can set environment variables and Tomcat system variables.

I need to change the settings below:

  `<Connector port=" ... />`

And add the attribute `secure="true"` using only the properties of the environment. Is there some kind of Tomcat environment variable that I can set? For example, we have the Tomcat environment variable:

  `logging.dir=/logs/tomcatlogs` 

I am using dynamic web module version 2.4 and Java 7.

1 answer

Unfortunately (for your purposes) this setting applies per connector and will affect all applications on that connector. It is not possible to set this except at the connector level.

If you really want to affect only certain applications deployed on the server, you can ask the server administrators to define a new connector (you need a different port) and just install it, but this requires administrator intervention, which it looks like you tried to avoid.

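The per-connector scope described in the answer can be checked by listing every `<Connector>` in a server.xml along with its `secure` flag. This is an added example, not part of the original question or answer; the server.xml content is a constructed sample and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample server.xml (not from the original page): one connector
# left at the defaults and one that reports its requests as secure, e.g.
# because TLS is terminated by a proxy in front of Tomcat.
SAMPLE_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" />
    <Connector port="8443" protocol="HTTP/1.1"
               scheme="https" secure="true" />
  </Service>
</Server>
"""


def audit_connectors(server_xml):
    """Return one dict per <Connector> with its port, scheme and secure flag."""
    root = ET.fromstring(server_xml)
    findings = []
    for conn in root.iter("Connector"):
        # Tomcat defaults when the attributes are omitted:
        # scheme="http" and secure="false".
        secure = conn.get("secure", "false").strip().lower() == "true"
        findings.append({
            "port": conn.get("port"),
            "scheme": conn.get("scheme", "http"),
            "secure": secure,
        })
    return findings


def insecure_ports(server_xml):
    """Ports whose connector leaves secure at false, so request.isSecure()
    is false there and the session cookie is issued without the Secure flag
    unless the application sets it some other way."""
    return [f["port"] for f in audit_connectors(server_xml) if not f["secure"]]


if __name__ == "__main__":
    for f in audit_connectors(SAMPLE_SERVER_XML):
        status = "secure=true" if f["secure"] else "secure not set"
        print(f"port {f['port']} ({f['scheme']}): {status}")
```

Every application reached through a given port inherits that connector's result, which is why the answer suggests a separate connector on a different port.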

Source: https://habr.com/ru/post/1270801/

