With 6.0.18: "; Path=/; HttpOnly" [literally] becomes part of the cookie value. [That it worked before was sheer luck.]

-Tim

KalChitown wrote:
We recently upgraded from 6.0.14 to 6.0.18 due to an XSS security alert we
received.

The following code was working in the 6.0.14 version but not in 6.0.18. Can
anyone explain this or a workaround?


String sessionId = "Our session ID";
String cookieValue = sessionId + "; Path=/; HttpOnly ";
Cookie cookie = new Cookie("sessionId", cookieValue);
cookie.setVersion(1);
response.addCookie(cookie);



---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
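As an added example (not part of the original thread and not Tomcat's own code), one way to keep `Path` and `HttpOnly` as real cookie attributes instead of text inside the value: validate the value, build the `Set-Cookie` header explicitly, and send it with `response.addHeader("Set-Cookie", ...)`. The class name, method name and sample session id are hypothetical; the Servlet 2.5 `Cookie` class that Tomcat 6 ships has `setPath` but no `setHttpOnly`, which is why the header is assembled by hand here.

```java
import java.util.regex.Pattern;

// Added illustration; names are hypothetical and this is not Tomcat code.
public class SessionCookieHeader {

    // Conservative subset of the token characters allowed in a cookie name.
    private static final Pattern NAME = Pattern.compile("[A-Za-z0-9_.-]+");
    // RFC 6265 cookie-octet: printable ASCII except space, '"', ',', ';' and '\'.
    private static final Pattern VALUE =
            Pattern.compile("[\\x21\\x23-\\x2B\\x2D-\\x3A\\x3C-\\x5B\\x5D-\\x7E]*");
    // Path attribute: starts with '/', no control characters and no ';'.
    private static final Pattern PATH = Pattern.compile("/[\\x20-\\x3A\\x3C-\\x7E]*");

    /** Builds a Set-Cookie header value; attributes never pass through the cookie value. */
    public static String build(String name, String value, String path, boolean httpOnly) {
        if (!NAME.matcher(name).matches()) {
            throw new IllegalArgumentException("illegal cookie name");
        }
        if (!VALUE.matcher(value).matches()) {
            // A value such as "id; Path=/; HttpOnly " ends up here: ';' and ' '
            // are separators, so a container must quote or refuse them.
            throw new IllegalArgumentException("cookie value contains separator characters");
        }
        if (!PATH.matcher(path).matches()) {
            throw new IllegalArgumentException("illegal cookie path");
        }
        StringBuilder header = new StringBuilder(name).append('=').append(value);
        header.append("; Path=").append(path);
        if (httpOnly) {
            header.append("; HttpOnly");
        }
        return header.toString();
    }

    public static void main(String[] args) {
        // Constructed sample value, not a real session id.
        String header = build("sessionId", "abc123DEF456", "/", true);
        System.out.println("Set-Cookie: " + header);
        // In a servlet: response.addHeader("Set-Cookie", header);

        // The construct from the thread is refused instead of being sent as data.
        try {
            build("sessionId", "abc123DEF456; Path=/; HttpOnly ", "/", true);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

After deploying a change like this, check the response headers in the browser or with a proxy to confirm that `HttpOnly` appears as its own attribute and not inside a quoted value.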