sessionCookieForceSecure property

bool sessionCookieForceSecure
getter/setter pair

Force the use of secure cookies for the session cookie.

If session cookies are used, they are created with their secure flag set when this property is set to true. That flag tells the browser to send the cookie only over a secure connection (HTTPS).

The default value is false. This allows the cookies to be used over HTTPS and unsecured HTTP, which is necessary when testing over HTTP.

In production, this property should be set to true.

Note: if the server is run over HTTPS (i.e. the server was started using the runTLS method and not the run method) the session cookie's secure flag is always set. That is, this property only has an effect if the server was started using the run method.
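A deployment check for the behaviour described above, as an added example that is not part of this library's code: it parses Set-Cookie header values with dart:io and reports cookies that lack the secure flag. The function name cookiesMissingSecure, the cookie name session_id and the header values are constructed for illustration.

```dart
import 'dart:io';

/// Returns the names of cookies that lack the Secure attribute.
///
/// Each entry in [setCookieValues] is the value of one Set-Cookie response
/// header. A header that cannot be parsed is reported as "<unparsable>" so
/// that it is not silently treated as safe.
List<String> cookiesMissingSecure(List<String> setCookieValues) {
  final missing = <String>[];
  for (final value in setCookieValues) {
    try {
      final cookie = Cookie.fromSetCookieValue(value);
      if (!cookie.secure) {
        missing.add(cookie.name);
      }
    } on Exception {
      // fromSetCookieValue throws on a header it cannot parse.
      missing.add('<unparsable>');
    }
  }
  return missing;
}

void main() {
  // Constructed sample headers (assumed cookie name: session_id).
  // Server started with run, sessionCookieForceSecure left at false:
  const withDefault = ['session_id=abc123; Path=/; HttpOnly'];
  // Server started with run, sessionCookieForceSecure set to true:
  const withForceSecure = ['session_id=abc123; Path=/; Secure; HttpOnly'];

  for (final headers in [withDefault, withForceSecure]) {
    final missing = cookiesMissingSecure(headers);
    if (missing.isEmpty) {
      print('OK: all cookies carry the secure flag');
    } else {
      print('FAIL: cookies without the secure flag: $missing');
    }
  }
}
```

Run against the Set-Cookie headers captured from a production response, a FAIL result for the session cookie means the server was started with the run method and this property is still at its default.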

Implementation

bool sessionCookieForceSecure = false;