Improved: Add session tracking mode and make cookie secure (OFBIZ-6655) Programmatically replaces the web.xml <session-config> declarations and uses the @WebListener annotation to start the process. This avoid to duplicates things everywhere in web.xml files. Since the web.xml files have precedence on annotations, the setting can be easily overridden when necessary.
Now that we also use HTTPS in ecommerce the ecommerce session cookie is also secured.
I also noted that we had 8 weird <session-timeout> declarations: in solr component: <session-timeout>2</session-timeout> in themes: <session-timeout>1</session-timeout>
Also in Rainbowstone we lacked the <cookie-config> and <tracking-mode> declarations. I think it's not good.
I resolve these points by simply removing the <session-config> in web.xml files of themes and Solr.