Got it. Thanks, guys.
2012/12/4 Konstantin Kolinko <knst.koli...@gmail.com> > 2012/12/4 <techienote....@gmail.com>: > > Hi Zhi, > > > > You can set following parameters in web.xml of application. > > > > <session-config> > > <cookie-config> > > <http-only>true</http-only> > > <secure>true</secure> > > </cookie-config> > > </session-config> > > +1. This is the best way. > > Note, that your web application should be using Servlet 3.0 > specification (as declared at the top of your web.xml file) to use > this feature. > > Best regards, > Konstantin Kolinko > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > -- Best Regards Gary