how to secure jsessionid cookie in tomcat 7 using environment variables

Question

This is a different question related to securing JSESSIONID cookie in tomcat 7.

I am using a cloud server where we dont have access to tomcat server.xml but can set environment variables and tomcat system variables.

I need to change below setting:

   <Connector port=" ...  />

And add secure="true" attribute using environment properties only. Is there any tomcat environment which I can set. For example we have a tomcat environment variable:

  `logging.dir=/logs/tomcatlogs`

I am using dynamic web module version 2.4 and java 7.

Answer 1

Unfortunately (for your pursposes) this setting is per connector, and will affect all applications on that connector. There is no way to set this except at the connector level.

If you truly want to affect only some applications deployed to the server, you could ask the server admins to define a new connector (would require a different port) and just set that one, but that still requires admin intervention, which it sounds like you were trying to avoid.