2014-06-18 12:13 GMT+04:00 Radha Krishna Meduri -X (radmedur - HCL TECHNOLOGIES LIMITED at Cisco) <radme...@cisco.com>: > Thanks Konstantin for your quick reply. > Actually Security Scanners are thinking that "secure" and "httpOnly" flag is > not set and raising as issue. I would like to set these values by overriding > "setHeader" or "addHeader" in the ResponseWrapper, but not working.
You cannot intercept setting it. You have to look into changing the header that has already been set. (A filter can do that in Tomcat 7 with Servlet 3.0 APIs. A Valve can do that on any version of Tomcat). Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org