Java EE 7 Application Developer — Question 50

How can a servlet indicate to the browser that cookie data should be sent over a secure connection?

Answer options

• A. Call the getSecure(true) method on the cookie object.
• B. Encrypt the cookie data. The browser automatically sends encrypted data over a secure connection.
• C. Set the ENCRYPT header in the response.
• D. Configure SessionTrackingMode.SSL on the ServletContext object.

Correct answer: A

Explanation

The correct answer is A because calling the getSecure(true) method on the cookie object explicitly marks the cookie as secure, ensuring it is only sent over HTTPS connections. Option B is misleading as encrypting data does not guarantee the secure transmission of cookies. Options C and D are incorrect since they do not provide a direct method to mark cookies as secure in the context of servlet development.