How to configure secure cookies on SCM-MANAGER

Hello,
i’ve tried to configured secure cookies in 2.30 by changing the server-conf.xml with

<New id="scm-webapp" class="org.eclipse.jetty.webapp.WebAppContext">
	<Set name="contextPath">/scm</Set>
	<Set name="war">
		<SystemProperty name="basedir" default="."/>/var/webapp/scm-webapp.war</Set>
	<!-- disable directory listings -->
	<Call name="setInitParameter">
		<Arg>org.eclipse.jetty.servlet.Default.dirAllowed</Arg>
		<Arg>false</Arg>
	</Call>
	<Set name="tempDirectory">
		<SystemProperty name="basedir" default=".">/work/scm</SystemProperty
	</Set>
	<Get name="sessionHandler">
		<Get name="sessionManager">
			<Set name="secureCookies">true</Set>
			<Set name="httpOnly">true</Set>
		</Get>
	</Get>
</New>

But the error is NoSuchMethodError.

Tried to edit web.xml also with

<session-config>
    <session-timeout>30</session-timeout>
 <cookie-config>
  <secure>true</secure>
  <http-only>true</http-only>
 </cookie-config>
  </session-config>

and the cookie still insecure.

Can anyone help ?

Thanks
Ricardo

Hey Ricardo,

have you checked our reverse proxy documentation?

If not, there is a part about

If XSRF protection is enabled on the SCM-Manager server, the cookie has to be HttpOnly=false and must not be modified.

Maybe this could already help you?

Regards, Eduard

Hi Ricardo,
SCM-Manager uses secure cookies automatically, if it is access over https:

Do you have https configured (https://scm-manager.org/docs/latest/en/administration/scm-server/#https)?