How to activate secure cookies in Wildfly?

Question

I’m trying to add the secure flag to my cookies for a web app in Wildfly (version 8.2). In the documentation page of the servlet container settings you’ll find that the children of the “servlet-container” are:

1. jsp
2. persistent-sessions
3. session-cookie
4. websockets

However I only have jsp and websockets. How do I access the session-cookie settings? If I can’t, how to I add the secure flag to my cookies?

UPDATE: I can’t access the web.xml files inside the wars, only wildfly configuration files.

Answer 1

Try following command via jboss-cli:

/subsystem=undertow/servlet-container=default/setting=session-cookie:add(http-only=true,secure=true)

or in your standalone.xml:

<servlet-container name="default">
    <session-cookie http-only="true" secure="true"/>
    <jsp-config/>
</servlet-container>

ref: http://wildscribe.github.io/Wildfly/8.2.0.Final/subsystem/undertow/servlet-container/setting/session-cookie/index.html