I'm using Grails 2.2.4 with the Shiro plugin 1.1.4 and would like to mark the cookies as secure so the session information won't be sent over http.
I'm looking for the grails way to set this setting, which normally would be in shiro.ini
securityManager.sessionManager.sessionIdCookie.secure = true
Open JIRA issue to track this: http://jira.grails.org/browse/GPSHIRO-76
grails install-templates
src/templates/war/web.xml
so that it has session-config with cookie-config in it: <session-config> <cookie-config> <secure>true</secure> </cookie-config> </session-config>