To configure cookie settings for session management...Servers | Server Types | WebSphere application servers | server_name | Session management | Enable cookies
- Cookie name
- Unique name for the session management cookie. The servlet spec requires the name JSESSIONID. However, for flexibility, we can configure this value.
- Restrict cookies to HTTPS sessions
- Restrict the exchange of cookies to HTTPS sessions only.
- Cookie domain
- Controls whether or not a browser sends a cookie to particular servers. For example, if we specify a particular domain, session cookies are sent to hosts in that domain. The default domain is the server.
If the domain property is set, make sure it begins with a dot (.). Certain versions of Netscape do not accept cookies if domain name doesn't start with a dot. Internet Explorer honors the domain with or without a dot. For example, if the domain name is set to mycom.com, change it to .mycom.com so that both Netscape and Internet Explorer honor the cookie.
When the servers are on different hosts, ensure that session cookies flow to all the servers by configuring a front-end router such as a Web server with the plug-in or setting the Cookie domain.
- Cookie path
- A cookie is sent to the URL designated in the path.
Specify any string representing a path on the server. "/" indicates root directory.
Specify a value to restrict the paths to which the cookie is sent. By restricting paths, you prevent the cookie from going to certain URLs on the server. If specify the root directory, the cookie is sent no matter which path on the given server is accessed.
- Cookie maximum age
- Amount of time that the cookie lives on the client browser. Specify that the cookie lives only as long as the current browser session, or to a maximum age. If we choose the maximum age option, specify the age in seconds. This value corresponds to the Time to Live (TTL) value described in the Cookie specification.
Default is the current browser session which is equivalent to setting the value to -1.
Related tasksSet session tracking