Have you tried specifying <name>JSESSIONID</name> or whatever the name of the cookie is that you want to use inside the <cookie-config>? Let me know if that works, I'll see if we're not defaulting it to JSESSIONID if not supplied.
Jan On 18 May 2017 at 01:07, Lord Buddha <lord.bud...@gmail.com> wrote: > Is it/should it possible to use jetty.base/etc/webdefault.xml to default > the setting of HttpOnly to true for the session cookie. > > Have tried > > <session-config> > <session-timeout>30</session-timeout> > <cookie-config> > <http-only>true</http-only> > </cookie-config> > </session-config> > > and > > <session-config> > <session-timeout>30</session-timeout> > <http-only>true</http-only> > </session-config> > > or is there some other alternate besides doing in the apps web.xml ? > > /David > > _______________________________________________ > jetty-users mailing list > jetty-users@eclipse.org > To change your delivery options, retrieve your password, or unsubscribe > from this list, visit > https://dev.eclipse.org/mailman/listinfo/jetty-users > -- Jan Bartel <j...@webtide.com> www.webtide.com *Expert assistance from the creators of Jetty and CometD*
_______________________________________________ jetty-users mailing list jetty-users@eclipse.org To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/jetty-users