Set cookie-secure and cookie-http-only to true by default for WebFilt…

…er config
moqui · Sep 26, 2018 · fe5f83b · fe5f83b
1 parent 9758f0f
commit fe5f83b
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/MoquiConf.xml b/MoquiConf.xml
@@ -65,9 +65,9 @@
                 <!-- Domain of session id cookie. Default is based on incoming request. -->
                 <!-- <init-param name="cookie-domain" value=".mywebsite.com"/> -->
                 <!-- Should cookie only be sent using a secure protocol? Default is false. -->
-                <init-param name="cookie-secure" value="false"/>
+                <init-param name="cookie-secure" value="true"/>
                 <!-- Should HttpOnly attribute be set on cookie ? Default is false. -->
-                <init-param name="cookie-http-only" value="false"/>
+                <init-param name="cookie-http-only" value="true"/>
                 <!-- Are you debugging? Default is false. -->
                 <init-param name="debug" value="false"/>
                 <!-- Do you want to shutdown HazelcastInstance during web application undeploy process? Default is true. -->