On 3/5/2014 2:28 PM, Konstantin Kolinko wrote:
The HttpOnly flag is used by cookies sent by server to the client.There is no point checking it on request.getCookies(), as browsers do not send it back (neither do they send 'path', 'secure' etc.).
Isn't that showing what the server is sending to the client? --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
