From 6214edfe330f62440e3641535ecc9584fdc7e9d9 Mon Sep 17 00:00:00 2001
From: lprimak
Date: Thu, 21 Sep 2023 02:53:08 -0500
Subject: [PATCH] bugfix: make sure form resubmit cookie is secure
---
 .../org/apache/shiro/ee/filters/FormResubmitSupportCookies.java | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/support/jakarta-ee/src/main/java/org/apache/shiro/ee/filters/FormResubmitSupportCookies.java b/support/jakarta-ee/src/main/java/org/apache/shiro/ee/filters/FormResubmitSupportCookies.java
index 06e90107cd..92b2337065 100644
--- a/support/jakarta-ee/src/main/java/org/apache/shiro/ee/filters/FormResubmitSupportCookies.java
+++ b/support/jakarta-ee/src/main/java/org/apache/shiro/ee/filters/FormResubmitSupportCookies.java
@@ -45,6 +45,7 @@ static void addCookie(@NonNull HttpServletResponse response, ServletContext serv
 var cookie = new Cookie(cokieName, cookieValue);
 cookie.setPath(servletContext.getContextPath());
 cookie.setMaxAge(maxAge);
+ cookie.setSecure(true);
 response.addCookie(cookie);
 }
@@ -53,6 +54,7 @@ static void deleteCookie(@NonNull HttpServletResponse response, ServletContext s
 var cookieToDelete = new Cookie(cokieName, "tbd");
 cookieToDelete.setPath(servletContext.getContextPath());
 cookieToDelete.setMaxAge(0);
+ cookie.setSecure(true);
 response.addCookie(cookieToDelete);
 }
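Review bot: The cookie built in addCookie now carries Secure but still no HttpOnly, so page script can read the resubmit value; if nothing on the client needs it, add `cookie.setHttpOnly(true);` next to the new `cookie.setSecure(true);`. Setting Secure unconditionally also means a deployment served over plain HTTP will have the cookie rejected by the browser, so form resubmit would stop working there without any error; that HTTPS requirement deserves a comment here or a note in the docs. The method signature is truncated in the hunk header and the body starts above the hunk, so whether a request object is available for an `isSecure()` check cannot be seen from here.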
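Review bot: The line added in deleteCookie calls `cookie.setSecure(true);`, but the local variable in this method is `cookieToDelete`, and no `cookie` is declared in the visible lines. This most likely fails to compile; if an outer `cookie` did resolve, the deletion cookie would still be sent without the Secure attribute, which is the opposite of what the commit title promises. The line should read `cookieToDelete.setSecure(true);`, so the deletion cookie carries the same attributes as the one set in addCookie. The method begins above the hunk, so this is judged from the visible lines only.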