2012/12/4 <techienote....@gmail.com>: > Hi Zhi, > > You can set following parameters in web.xml of application. > > <session-config> > <cookie-config> > <http-only>true</http-only> > <secure>true</secure> > </cookie-config> > </session-config>
+1. This is the best way. Note, that your web application should be using Servlet 3.0 specification (as declared at the top of your web.xml file) to use this feature. Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org