2012/12/4 <[email protected]>: > Hi Zhi, > > You can set following parameters in web.xml of application. > > <session-config> > <cookie-config> > <http-only>true</http-only> > <secure>true</secure> > </cookie-config> > </session-config>
+1. This is the best way. Note, that your web application should be using Servlet 3.0 specification (as declared at the top of your web.xml file) to use this feature. Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
