From 3c750a9a9d2482744235d31803e9d54b681c42a3 Mon Sep 17 00:00:00 2001 From: Jim Crossley Date: Tue, 24 Feb 2015 18:02:19 -0500 Subject: [PATCH] Fix docs to clarify :cookie-attrs in WF [IMMUTANT-527] --- web/src/immutant/web/middleware.clj | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/web/src/immutant/web/middleware.clj b/web/src/immutant/web/middleware.clj index b1e35343..d38d1c62 100644 --- a/web/src/immutant/web/middleware.clj +++ b/web/src/immutant/web/middleware.clj @@ -47,19 +47,28 @@ * :timeout The number of seconds of inactivity before session expires [1800] * :cookie-name The name of the cookie that holds the session key [\"JSESSIONID\"] - * :cookie-attrs A map of attributes to associate with the session cookie [nil] A :timeout value less than or equal to zero indicates the session should never expire. - The following :cookie-attrs keys are supported: + When running embedded, i.e. not deployed to a WildFly/EAP container, + another option is available: + + * :cookie-attrs A map of attributes to associate with the session cookie [nil] + + And the following :cookie-attrs keys are supported: * :path - the subpath the cookie is valid for * :domain - the domain the cookie is valid for * :max-age - the maximum age in seconds of the cookie * :secure - set to true if the cookie requires HTTPS, prevent HTTP access * :http-only - set to true if the cookie is valid for HTTP and HTTPS only - (ie. prevent JavaScript access)" + (ie. prevent JavaScript access) + + Within WildFly/EAP, :cookie-attrs is ignored because a servlet + context may only be configured at deployment. This means + non-standard cookie configuration must be done in + `WEB-INF/web.xml`." ([handler] (wrap-session handler {})) ([handler options]