Hi All
I owe an apology, sorry.
Although I'd removed all apps I hadn't removed the instrumentation settings
from start up. With these removed the issue has gone away.
Thanks for the support
Mark
-Original Message-
From: Pritchett, Mark S. (CONT)
Sent: 08 March 2017 13:29
To: Tomcat
Hi Mark
The problem remains if I remove all the webapps except ROOT.
Regards
Mark
-Original Message-
From: Mark Thomas [mailto:ma...@apache.org]
Sent: 08 March 2017 13:23
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: httpOnly issue
On 08/03/17 12:53, Pritchett,
Hi All
My first posting.
Server version: Apache Tomcat/7.0.67
JVM Version:1.7.0_131-mockbuild_2017_02_07_02_15-b00
A vulnerability scan has shown that tomcat doesn't apply httpOnly to come
cookies.
I need to determine if this can be 'corrected'.
We're scanning using ZAP,