
Thread: Surf Jacking

  1. #1
    Junior Member
    Join Date: Dec 2011
    Posts: 4

    Surf Jacking

    Hi,

    I need to mitigate surf jacking in the web application. For that, the recommendation is to set the cookie as secure.

    I tried the one below in web.xml, but it doesn't work.

    <session-config>
    <cookie-config>
    <http-only>true</http-only>
    </cookie-config>
    </session-config>

    Could anyone advise how to mitigate this surf jacking?

    Thanks in advance.


  2. #2
    Forum VIP
    Join Date: Jun 2011
    Posts: 393

    Re: Surf Jacking

    You can force cookies to only run through secure connections:
    Cookie.setSecure(true)

    Is this what you mean?
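
The thread touches two kinds of cookie: the container-issued session cookie that the first post configures in web.xml, and cookies the application creates itself, which the reply's `setSecure(true)` applies to. The following is an added example, not code from either poster, that sets the Secure flag on both through the Servlet 3.0 API (`javax.servlet`); the class name `SecureCookieSetup` and the helper `addSecureCookie` are hypothetical.

```java
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import javax.servlet.SessionCookieConfig;
import javax.servlet.annotation.WebListener;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;

// Hypothetical class name; assumes a Servlet 3.0 container.
@WebListener
public class SecureCookieSetup implements ServletContextListener {

    // Runs once at application start, before any session cookie is issued.
    @Override
    public void contextInitialized(ServletContextEvent sce) {
        SessionCookieConfig cfg = sce.getServletContext().getSessionCookieConfig();
        // Secure: the browser sends the session cookie only over HTTPS,
        // so a plain-HTTP request to the same host cannot leak it.
        cfg.setSecure(true);
        // HttpOnly (what the posted web.xml sets): hides the cookie from
        // page scripts. It does not restrict the transport.
        cfg.setHttpOnly(true);
    }

    @Override
    public void contextDestroyed(ServletContextEvent sce) {
        // Nothing to clean up.
    }

    // Hypothetical helper for cookies the application creates itself:
    // the reply's setSecure(true), called on a Cookie instance.
    public static void addSecureCookie(HttpServletResponse resp,
                                       String name, String value) {
        Cookie cookie = new Cookie(name, value);
        cookie.setSecure(true);    // HTTPS only
        cookie.setHttpOnly(true);  // not readable from page scripts
        cookie.setPath("/");
        resp.addCookie(cookie);
    }
}
```

The declarative counterpart in a Servlet 3.0 web.xml is `<secure>true</secure>` inside `<cookie-config>`, alongside the `<http-only>` element from the first post.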