Hi,

I need to enable the session security cookie to httponly.I tried to update the 
context.xml

<!-- The contents of this file will be loaded for each web application -->
<Context useHttpOnly="true">

    <!-- Default set of monitored resources -->
    <WatchedResource>WEB-INF/web.xml</WatchedResource>

    <!-- Uncomment this to disable session persistence across Tomcat restarts 
-->
    <!--
    <Manager pathname="" />
    -->

But it doesn't work.


"CONFIDENTIALITY NOTICE: This message and any attachment are confidential and 
may also be privileged. If you are not the intended recipient of this e-mail 
you may not copy, forward, disclose or otherwise use it or any part of it in 
any form whatsoever. If you are not the intended recipient please telephone or 
e-mail the sender and delete this message and any attachment from your system."

Reply via email to