Tim, Thanks for the reply. Can you explain what you mean by "becomes part of the value"? I thought I had them part of the cookieValue already?
Can you point out the change I need to make in my code snippet?

-Kal

Tim Funk wrote:
>
> With 6.0.18 : "; Path=/; HttpOnly" [literally] becomes part of the
> cookie value. [That it worked before was sheer luck.]
>
> -Tim
>
> KalChitown wrote:
>> We recently upgraded from 6.0.14 to 6.0.18 due to an XSS security alert
>> we received.
>>
>> The following code was working in 6.0.14 version but not in 6.0.18. Can
>> anyone explain this or a work around.
>>
>>
>> String sessionId = "Our session ID";
>> String cookieValue = sessionId + "; Path=/; HttpOnly ";
>> Cookie cookie = new Cookie("sessionId", cookieValue);
>> cookie.setVersion(1);
>> response.addCookie(cookie);
>>
>>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]

--
View this message in context: http://www.nabble.com/Tomcat-Experts---Need-help-with-Cookie-support-in-6.0.18-tp18980912p18982955.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
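
The distinction discussed in this thread, shown as an added example that is not part of the original messages and not Tomcat's own code: cookie attributes such as Path and HttpOnly belong in the Set-Cookie header after the value, not inside the string passed to `new Cookie(...)`. The class name `HttpOnlyCookieHeader`, its `build` method and the sample session id are hypothetical. Sending the result with `response.addHeader("Set-Cookie", ...)` is one possible approach for Servlet 2.5, where `Cookie` has no `setHttpOnly` method.

```java
import java.util.regex.Pattern;

// Added example: hypothetical helper, not code from Tomcat or from this thread.
public class HttpOnlyCookieHeader {

    // Cookie name: HTTP token characters only.
    private static final Pattern NAME =
            Pattern.compile("[A-Za-z0-9!#$%&'*+.^_`|~-]+");
    // Cookie value: RFC 6265 cookie-octet (no space, quote, comma, semicolon,
    // backslash or control characters).
    private static final Pattern VALUE =
            Pattern.compile("[\\x21\\x23-\\x2B\\x2D-\\x3A\\x3C-\\x5B\\x5D-\\x7E]*");
    // Path: stricter than the RFC; printable ASCII without space or semicolon.
    private static final Pattern PATH =
            Pattern.compile("/[\\x21-\\x3A\\x3C-\\x7E]*");

    /** Builds a Set-Cookie header value with the attributes kept out of the cookie value. */
    static String build(String name, String value, String path) {
        if (!NAME.matcher(name).matches())
            throw new IllegalArgumentException("invalid cookie name");
        if (!VALUE.matcher(value).matches())
            throw new IllegalArgumentException("value contains a separator or control character");
        if (!PATH.matcher(path).matches())
            throw new IllegalArgumentException("invalid path");
        return name + "=" + value + "; Path=" + path + "; HttpOnly";
    }

    public static void main(String[] args) {
        // Constructed sample session id.
        System.out.println(build("sessionId", "abc123DEF456", "/"));
        try {
            // Attributes appended to the value, as in the quoted snippet: rejected here.
            build("sessionId", "abc123DEF456; Path=/; HttpOnly ", "/");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        // In a servlet: response.addHeader("Set-Cookie", build("sessionId", sessionId, "/"));
    }
}
```

Rejecting separators and control characters in the value also keeps a caller-supplied string from adding attributes or extra header lines of its own.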