AMBARI-21675.Add Secure Flag to Cookie / JSESSIONID in Zeppelin(Prabhjyot Singh via Venkata Sairam)

venkatasairamlanka · venkatasairamlanka · commit 6fb371957ad5 · 2017-08-21T14:03:58.000+05:30
diff --git a/ambari-server/src/main/resources/common-services/ZEPPELIN/0.6.0.2.5/configuration/zeppelin-shiro-ini.xml b/ambari-server/src/main/resources/common-services/ZEPPELIN/0.6.0.2.5/configuration/zeppelin-shiro-ini.xml
@@ -61,6 +61,12 @@ sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
 cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
 securityManager.cacheManager = $cacheManager
 
+cookie = org.apache.shiro.web.servlet.SimpleCookie
+cookie.name = JSESSIONID
+cookie.secure = true
+cookie.httpOnly = true
+sessionManager.sessionIdCookie = $cookie
+
 securityManager.sessionManager = $sessionManager
 # 86,400,000 milliseconds = 24 hour
 securityManager.sessionManager.globalSessionTimeout = 86400000
