Sush,

On 11/24/13, 5:05 AM, sush3152 . wrote:
> Thanks Chris. This is really useful. As you suggested, this time I
> let Tomcat manage the sessionID by removing
> response.setHeader("SET-COOKIE", "JSESSIONID=" + sessionid.....
> from the code. I could see the below result:
>
> Set-Cookie: JSESSIONID=01D4A20F51FCE8F8401B47999524D8AB;
> Path=/UserHttpOnlyTest/; Secure; HttpOnly
>
> I have one more question in the same context: is there a way to
> enable the httponly to the non-container managed cookies other than
> programmatically?

No. It's not appropriate for the container to interfere with cookies
added to a response by the application.

> Adding the below lines in my application web.xml doesn't have an
> impact on the header:
>
> <session-config>
>   <cookie-config>
>     <http-only>true</http-only>
>   </cookie-config>
> </session-config>

Nor should it. The above only affects the JSESSIONID cookie, and only
if Tomcat creates the cookie.

-chris
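
The reply above leaves cookies set by the application to application code. As an added example (not code from this thread or from the Tomcat project), the servlet filter below applies HttpOnly in one place to cookies added through `addCookie` or a raw `Set-Cookie` header. The names `HardenCookiesFilter` and `harden` are hypothetical, and the code assumes a Servlet 3.0 or later container using the `javax.servlet` API.

```java
import java.io.IOException;
import java.util.Locale;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.*;

/** Hypothetical filter: forces HttpOnly (and Secure over HTTPS) on application-set cookies. */
@WebFilter("/*")
public class HardenCookiesFilter implements Filter {

    /** Appends HttpOnly / Secure to a raw Set-Cookie value when they are missing. */
    static String harden(String setCookie, boolean secure) {
        String lower = setCookie.toLowerCase(Locale.ROOT);
        StringBuilder sb = new StringBuilder(setCookie);
        if (!lower.matches(".*;\\s*httponly\\s*(;.*)?")) sb.append("; HttpOnly");
        if (secure && !lower.matches(".*;\\s*secure\\s*(;.*)?")) sb.append("; Secure");
        return sb.toString();
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        final boolean secure = req.isSecure();
        HttpServletResponse wrapped = new HttpServletResponseWrapper((HttpServletResponse) res) {
            private boolean isSetCookie(String name) {
                return "Set-Cookie".equalsIgnoreCase(name);
            }
            @Override public void addCookie(Cookie c) {
                // Covers response.addCookie(...) calls made by the application.
                c.setHttpOnly(true);
                if (secure) c.setSecure(true);
                super.addCookie(c);
            }
            @Override public void setHeader(String name, String value) {
                // Covers response.setHeader("SET-COOKIE", ...) as used in the thread.
                super.setHeader(name, isSetCookie(name) && value != null ? harden(value, secure) : value);
            }
            @Override public void addHeader(String name, String value) {
                super.addHeader(name, isSetCookie(name) && value != null ? harden(value, secure) : value);
            }
        };
        chain.doFilter(req, wrapped);
    }

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}
}
```

The filter only sees cookies written through the wrapped response, so a cookie that some JavaScript on the page legitimately needs to read would have to be exempted by name.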