Fix docs to clarify :cookie-attrs in WF [IMMUTANT-527]

immutant · Feb 24, 2015 · 3c750a9 · 3c750a9
1 parent 470aae8
commit 3c750a9
Showing 1 changed file with 12 additions and 3 deletions.
diff --git a/web/src/immutant/web/middleware.clj b/web/src/immutant/web/middleware.clj
@@ -47,19 +47,28 @@
 
      * :timeout The number of seconds of inactivity before session expires [1800]
      * :cookie-name The name of the cookie that holds the session key [\"JSESSIONID\"]
-     * :cookie-attrs A map of attributes to associate with the session cookie [nil]
 
   A :timeout value less than or equal to zero indicates the session
   should never expire.
 
-  The following :cookie-attrs keys are supported:
+  When running embedded, i.e. not deployed to a WildFly/EAP container,
+  another option is available:
+
+     * :cookie-attrs A map of attributes to associate with the session cookie [nil]
+
+  And the following :cookie-attrs keys are supported:
 
      * :path      - the subpath the cookie is valid for
      * :domain    - the domain the cookie is valid for
      * :max-age   - the maximum age in seconds of the cookie
      * :secure    - set to true if the cookie requires HTTPS, prevent HTTP access
      * :http-only - set to true if the cookie is valid for HTTP and HTTPS only
-                    (ie. prevent JavaScript access)"
+                    (ie. prevent JavaScript access)
+
+  Within WildFly/EAP, :cookie-attrs is ignored because a servlet
+  context may only be configured at deployment. This means
+  non-standard cookie configuration must be done in
+  `WEB-INF/web.xml`."
   ([handler]
      (wrap-session handler {}))
   ([handler options]