I am working on Spring Boot and am completely unaware of how it works. While authenticating the login, JSESSIONID is created as a cookie. The login code is as below:
    protected void configure(HttpSecurity http) throws Exception {
        http
            .formLogin()
                .loginProcessingUrl("/authenticate")
                .usernameParameter("username")
                .passwordParameter("password")
                .loginPage("/")
                .permitAll()
                .and()
            .logout()
                .permitAll()
                .and()
            .authorizeRequests()
                .antMatchers("/index.html", "/home.html", "/login.html", "/app/**", "/js/**", "/css/**", "/fonts/**", "/favicon.ico", "/").permitAll()
                .anyRequest().authenticated()
                .and()
            .csrf()
                .csrfTokenRepository(csrfTokenRepository())
                .and()
            .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
    }
How can I make the cookie have the secure flag?
In application.properties set the following property:
server.servlet.session.cookie.secure=true
... or in older versions (before ~2018):
server.session.cookie.secure=true
Property 'server.session.cookie.secure' is Deprecated:
Use 'server.servlet.session.cookie.secure' instead.
Put this in application.properties:
server.servlet.session.cookie.secure=true
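To confirm the property took effect, the Set-Cookie headers from the login response can be checked for the flag. The following is an added example, not code from the question or the answers: the class name `SessionCookieAudit` and the sample header values are constructed, and it also checks HttpOnly, which goes beyond the Secure flag asked about here.

```java
import java.util.*;

public class SessionCookieAudit {

    /** Returns the wanted attributes that are absent from one Set-Cookie header value. */
    static List<String> missingFlags(String setCookie) {
        Set<String> attrs = new HashSet<>();
        String[] parts = setCookie.split(";");
        // parts[0] is name=value; the rest are attributes such as Path=/, Secure, HttpOnly
        for (int i = 1; i < parts.length; i++) {
            String attr = parts[i].trim();
            int eq = attr.indexOf('=');
            // Attribute names are case-insensitive, so compare in lower case
            attrs.add((eq < 0 ? attr : attr.substring(0, eq)).toLowerCase(Locale.ROOT));
        }
        List<String> missing = new ArrayList<>();
        for (String wanted : List.of("secure", "httponly")) {
            if (!attrs.contains(wanted)) missing.add(wanted);
        }
        return missing;
    }

    /** Extracts the cookie name from a Set-Cookie header value. */
    static String cookieName(String setCookie) {
        String first = setCookie.split(";", 2)[0];
        int eq = first.indexOf('=');
        return (eq < 0 ? first : first.substring(0, eq)).trim();
    }

    public static void main(String[] args) {
        // Constructed sample Set-Cookie values: before and after setting the property
        List<String> headers = List.of(
            "JSESSIONID=ABC123; Path=/; HttpOnly",
            "JSESSIONID=ABC123; Path=/; Secure; HttpOnly",
            "XSRF-TOKEN=xyz; Path=/");
        for (String h : headers) {
            if (!cookieName(h).equals("JSESSIONID")) continue; // only audit the session cookie
            List<String> missing = missingFlags(h);
            System.out.println(missing.isEmpty()
                ? "OK   " + h
                : "FAIL " + h + "  missing=" + missing);
        }
    }
}
```

Browsers send a cookie marked Secure only over HTTPS, so once the flag is set, a login made over plain HTTP will not keep its session.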