System Administrator Jahia 7.3 Jahia 8 Legacy

Cookie JSessionId not secure


Our security team has reported that the cookie JSessionId is not secure, what can we do?


This cookie is being generated by Tomcat and the secure flag will be set to true if Tomcat detects that an SSL connection is being used.

To do so, you have to follow this documentation, especially the parts related to the RemoteIpValve and to the Apache2 front-ends.