Out of the box, Jive
sets the "secure" attribute for cookies that should only be sent via HTTPS connections. If
your installation is not configured this way, here's how you can configure Jive to send only allowed,
secure cookies.
-
Set the Jive
system property "jive.cookies.secure" to the value "true". This results in
all Jive-specific cookies (not including JSESSIONID) having the "secure" attribute
set on the cookie ().
-
Configure both Apache and Tomcat to only allow HTTPS connections. To
understand these configurations, see Configuring SSL on the Load Balancer.
-
Configure Tomcat with the "secure" attribute set to "true" in the
server.xml configuration file, specifically the
"server/connector" element.