Out of the box, Jive
sets the secure attribute for cookies that should only be sent via HTTPS
connections. If your installation is not configured this way, you can configure Jive to send only allowed,
secure cookies.
-
In the Admin Console, go to .
-
Set the Jive
system property
jive.cookies.secure to true.
This results in all Jive-specific
cookies (not including JSESSIONID) having the
secure attribute set on the cookie.
-
Configure both Apache and Tomcat to only allow HTTPS connections. For more
information on the configuration, see Configuring SSL on load balancer.
-
Configure Tomcat with the
secure attribute set to
"true" in the server.xml configuration
file, specifically the server/connector element.