Skip to main content

Setting up secure cookies

Out of the box, Jive sets the secure attribute for cookies that should only be sent via HTTPS connections. If your installation is not configured this way, you can configure Jive to send only allowed, secure cookies.

Fastpath

Admin Console: System > Management > System Properties

  1. In the Admin Console, go to System > Management > System Properties.

  2. Set the Jive system property jive.cookies.secure to true.

    This results in all Jive-specific cookies (not including JSESSIONID) having the secure attribute set on the cookie.

  3. Configure both Apache and Tomcat to only allow HTTPS connections. For more information on the configuration, see Configuring SSL on load balancer.

  4. Configure Tomcat with the secure attribute set to "true" in the server.xml configuration file, specifically the server/connector element.

Related

Cookies in Jive communities