You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@geronimo.apache.org by "gabriel.iliescu" <fl...@gmail.com> on 2010/08/05 22:29:44 UTC

HttpOnly on session cookie

Hi,

In Tomcat versions 6.0.19 and later you have the option of setting the
useHttpOnly property in the conf\context.xml file. Tomcat will automatically
set the HttpOnly attribute on the JSESSIONID cookie:

<Context useHttpOnly="true">...</Context>

Is there a way to set this property in the latest version of Geronimo 2.1.4
and later which use Tomcat 6.0.20 and later? I've been trying to set it
(context.xml file in META-INF and in var\catalina\conf) and I've also tried
to find information online and on this forum on this but to no avail.

Thanks!

Gabriel
-- 
View this message in context: http://apache-geronimo.328035.n3.nabble.com/HttpOnly-on-session-cookie-tp1027676p1027676.html
Sent from the Users mailing list archive at Nabble.com.