Hi Sue, > Can someone help me figure out the correct code to use if I wanted to modify > DSpace 1.5.1 to set the JSESSIONID cookie to httpOnly, and where would be the > best place to put it? Header-default.jsp? Index.jsp? > Any help would very much be appreciated.
If you are running a recent-ish version of Tomcat, you can set this in [tomcat]/conf/context.xml: Change: <Context> to <Context useHttpOnly="true"> I was able to verify it was set by using Firebug+FireCookie in Firefox. Thanks, Stuart Lewis Digital Development Manager Te Tumu Herenga The University of Auckland Library Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand Ph: +64 (0)9 373 7599 x81928 ------------------------------------------------------------------------------ WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd _______________________________________________ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech