Got it. Thanks, guys.
2012/12/4 Konstantin Kolinko <[email protected]> > 2012/12/4 <[email protected]>: > > Hi Zhi, > > > > You can set following parameters in web.xml of application. > > > > <session-config> > > <cookie-config> > > <http-only>true</http-only> > > <secure>true</secure> > > </cookie-config> > > </session-config> > > +1. This is the best way. > > Note, that your web application should be using Servlet 3.0 > specification (as declared at the top of your web.xml file) to use > this feature. > > Best regards, > Konstantin Kolinko > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > -- Best Regards Gary
