Hello,

The Geode HTTP Session Management Module for AppServers currently states:
This approach is a generic solution, which is supported by any container that 
implements the Servlet 2.4 specification.
I would like to suggest that this official support be bumped up to the Servlet 
3.0 specification.

There are some important cookie security features missing in the ancient 
Servlet 2.4 spec, namely the secure and httpOnly flags. Bumping support to 
Servlet 3.0 would allow the Geode AppServer session module to inherently 
support these session cookie security features.

I have logged the following Jira issue:

https://issues.apache.org/jira/browse/GEODE-7438

and submitted a pull request that provides the necessary support if the Geode 
community agrees this is a good idea.

And thank you for the excellent Apache Geode project!

--

Charles Smith

Developer/Analyst

Web Architecture and Development
MacEwan University
smith...@macewan.ca
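
For reference, this is how a web application sets the two session cookie flags through the Servlet 3.0 API. It is an added example, not code from the message, the pull request, or the Geode project. The listener class name is hypothetical, and it is an assumption here that the session module in use honours the container's SessionCookieConfig.

```java
import javax.servlet.ServletContext;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import javax.servlet.SessionCookieConfig;
import javax.servlet.annotation.WebListener;

// Hypothetical listener name; generic Servlet 3.0 code, not Geode's.
// Declarative equivalent in a version="3.0" web.xml:
//   <session-config>
//     <cookie-config>
//       <http-only>true</http-only>
//       <secure>true</secure>
//     </cookie-config>
//   </session-config>
@WebListener
public class SecureSessionCookieListener implements ServletContextListener {

    @Override
    public void contextInitialized(ServletContextEvent event) {
        ServletContext ctx = event.getServletContext();

        // getMajorVersion() predates Servlet 3.0, so it is safe to call first.
        // SessionCookieConfig only exists from Servlet 3.0 onwards.
        if (ctx.getMajorVersion() < 3) {
            ctx.log("Servlet " + ctx.getMajorVersion() + "." + ctx.getMinorVersion()
                    + " container: SessionCookieConfig unavailable, "
                    + "session cookie flags not set");
            return;
        }

        // Must be called during context initialization; the container
        // rejects changes once the context has started.
        SessionCookieConfig cookie = ctx.getSessionCookieConfig();

        // HttpOnly: the session cookie is not exposed to client-side script.
        cookie.setHttpOnly(true);

        // Secure: the browser sends the session cookie over HTTPS only.
        cookie.setSecure(true);
    }

    @Override
    public void contextDestroyed(ServletContextEvent event) {
        // No resources to release.
    }
}
```

With setSecure(true) the session cookie is not sent over plain HTTP, so the application must be reached over HTTPS for sessions to persist.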
