Coldfusion 9.0.1 Secure JSESSIONID Cookie

Dev

Coldfusion 9.0.1 Secure JSESSIONID Cookie

by Christopher Kaukis

We are running a couple Coldfusion 9.0.1 servers with all the latest hotfixes and updates. We also needed secure cookies for these particular servers and we are using JSESSIONID instead of the CFID and CFTOKEN cookies. However, the JSESSIONID cookie was not secure by default and setting it as such isn’t so obvious as the other 2.

Everything I read said to update the runtime/bin/jvm.config file with the following option:

-Dcoldfusion.sessioncookie.httponly=true

However, when I restarted Coldfusion, that did not seem to do anything. Hmm… Then I found this: http://livedocs.adobe.com/jrun/4/Programmers_Guide/techniques_servlet13.htm#1154030

and added the following to wwwroot/WEB-INF/jrun-web.xml immediatly after the persistence-config inside the session-config tags:

true

Restarted Coldfusion, again… Success! Our JSESSIONID cookie is now secure.

More About the Author

Christopher Kaukis

Software Engineer
Running a Jekyll Blog Using Github Pages on Mac OS X 10.8 Mountain Lion In my last post I described installing Ruby on Mac OS X with RVM. The main reason I wanted to do this was to run a Jekyll Blog using ...
Installing Ruby 2.0.0 with RVM and Homebrew on Mac OS X 10.8 Mountain Lion This is a tutorial on how to install Ruby 2.0.0 on Mac OS X 10.8 Mountain Lion.  1. Install Xcode and the Command Line Tools If you ...

See more from this author →

Subscribe to our newsletter

  • I understand that InterWorks will use the data provided for the purpose of communication and the administration my request. InterWorks will never disclose or sell any personal data except where required to do so by law. Finally, I understand that future communications related topics and events may be sent from InterWorks, but I can opt-out at any time.
  • This field is for validation purposes and should be left unchanged.

InterWorks uses cookies to allow us to better understand how the site is used. By continuing to use this site, you consent to this policy. Review Policy OK

×

Interworks GmbH
Ratinger Straße 9
40213 Düsseldorf
Germany
Geschäftsführer: Mel Stephenson

Kontaktaufnahme: markus@interworks.eu
Telefon: +49 (0)211 5408 5301

Amtsgericht Düsseldorf HRB 79752
UstldNr: DE 313 353 072