This happened when I tested the application on an old version of Firefox (v42), as it is a requirement. I have enabled the HttpOnly and Secure attributes in web.xml as follows:
    <session-config>
        <session-timeout>30</session-timeout>
        <cookie-config>
            <http-only>true</http-only>
            <secure>true</secure>
        </cookie-config>
    </session-config>
When I access it with recent versions of Firefox/Chrome, everything works fine. I am able to log in and log out without any issue. But when I use an old version of Firefox (v42), the session expires immediately after I log in with my credentials.
What is the reason behind this, and is there a workaround to mitigate this on old browser versions?
As it turns out, when I turn on the secure flag for the cookie, the cookie will only be valid for HTTPS requests. A session created through HTTP requests will be discarded, and hence the session expires soon after I log in.
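The behaviour described in the answer can be reproduced offline. The following is an added example, not code from the original post: Python's standard `http.cookiejar` stands in for the browser, and the host name `app.example.test`, the `/app` path and the session id are constructed sample values.

```python
import urllib.request
from email.message import Message
from http.cookiejar import CookieJar

# Constructed sample: the header a container emits when <http-only> and
# <secure> are both true in <cookie-config>.
SET_COOKIE = "JSESSIONID=A1B2C3; Path=/app; Secure; HttpOnly"


class FakeResponse:
    """Minimal response: CookieJar only needs info() to return the headers."""

    def __init__(self, set_cookie):
        self._headers = Message()
        self._headers["Set-Cookie"] = set_cookie

    def info(self):
        return self._headers


def cookie_sent_back(login_url, next_url):
    """Receive the session cookie at login_url, then return the Cookie
    header the client attaches to a follow-up request for next_url."""
    jar = CookieJar()
    login = urllib.request.Request(login_url)
    jar.extract_cookies(FakeResponse(SET_COOKIE), login)
    follow_up = urllib.request.Request(next_url)
    jar.add_cookie_header(follow_up)  # Secure cookies are skipped for http://
    return follow_up.get_header("Cookie")


def server_sees_session(cookie_header):
    """Server side: no JSESSIONID in the request means no known session,
    which the user experiences as an immediately expired login."""
    return cookie_header is not None and "JSESSIONID=A1B2C3" in cookie_header


if __name__ == "__main__":
    for scheme in ("http", "https"):
        base = f"{scheme}://app.example.test/app"
        header = cookie_sent_back(f"{base}/login", f"{base}/home")
        print(scheme, "->", header, "| session found:", server_sees_session(header))
```

Over `http://` the follow-up request carries no `Cookie` header, so the server cannot match it to the session created at login; over `https://` the same cookie is returned and the session persists.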