Looking at SAP Note 1020365 which list the fixes contained in WebAS Java SP14 I noticed the following interesting new option :
" New property "SystemCookiesHTTPSProtection" is added in HTTP Provider service - support for "Secure" cookie attribute for system cookies (JSESSIONID and saplb). By default, this property is switched off. If it is switched on, then during creation of jsessionid and sap_lb cookies, new "Secure" attribute will be added."
Would be interesting to test it.....
02 February 2008
Secure Cookies?
Labels: Java/J2EE