How to configure secure cookies on SCM-MANAGER

i’ve tried to configured secure cookies in 2.30 by changing the server-conf.xml with

<New id="scm-webapp" class="org.eclipse.jetty.webapp.WebAppContext">
	<Set name="contextPath">/scm</Set>
	<Set name="war">
		<SystemProperty name="basedir" default="."/>/var/webapp/scm-webapp.war</Set>
	<!-- disable directory listings -->
	<Call name="setInitParameter">
	<Set name="tempDirectory">
		<SystemProperty name="basedir" default=".">/work/scm</SystemProperty
	<Get name="sessionHandler">
		<Get name="sessionManager">
			<Set name="secureCookies">true</Set>
			<Set name="httpOnly">true</Set>

But the error is NoSuchMethodError.

Tried to edit web.xml also with


and the cookie still insecure.

Can anyone help ?


Hey Ricardo,

have you checked our reverse proxy documentation?

If not, there is a part about

If XSRF protection is enabled on the SCM-Manager server, the cookie has to be HttpOnly=false and must not be modified.

Maybe this could already help you?

Regards, Eduard

Hi Ricardo,
SCM-Manager uses secure cookies automatically, if it is access over https:

Do you have https configured (

I am closing this topic as there has been no activity for more than 30 days.