https://owasp.org/index.php/HttpOnly#Using_Java_to_Set_HttpOnly
enjoy

On Tue, Jun 12, 2012 at 10:27 AM, N.s.Karthik <nskarthi...@gmail.com> wrote:

> Hi
>
> Spec
> JDK1.6
> Tomcat 6.0.10
> O/s Win / Linux(r-Hat)
> Browser : Chrome 19.0.x / IE8
>
> For some specific Reason We use Tomcat 6.0.10 for Dev/Deploy in INTRANET.
>
> I have Googled / Yahooed for the same..... "HttpOnly"
>
> 1 forum suggested to use Filters and set Cookie Headers as an alternative for
> Handling "HttpOnly"
>
> However, with this setting we are able to see multiple Cookies being set
>
> *HTTP/1.1 200 OK
> Server: Apache-Coyote/1.1
> Set-Cookie: JSESSIONID=A0A4EFD9A28E2C24D925B519EA9EC4F6; Path=/ABCD; HttpOnly
> Set-Cookie: JSESSIONID=D29822A1FD77C84907D67708C4DACC04; Path=/ABCD
> Content-Type: text/html
> Content-Length: 2333
> Date: Tue, 12 Jun 2012 04:46:29 GMT*
>
>
> Please, somebody explain to me why this is happening and how to prevent this
> for Cross scripting Hack ???
>
>
> with regards
> karthik
>
>
> --
> View this message in context:
> http://tomcat.10.n6.nabble.com/HttpOnly-tp4982369.html
> Sent from the Tomcat - User mailing list archive at Nabble.com.
>
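An added example, not part of the original thread and not Tomcat code: a Python check run over the response headers quoted above, embedded here as a constructed sample. It assumes a browser following RFC 6265, where a later Set-Cookie with the same name, domain and path replaces the earlier one, so the cookie the browser keeps from this response is the second one, without HttpOnly. The function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample: the response headers quoted in the message above.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache-Coyote/1.1\r\n"
    "Set-Cookie: JSESSIONID=A0A4EFD9A28E2C24D925B519EA9EC4F6; Path=/ABCD; HttpOnly\r\n"
    "Set-Cookie: JSESSIONID=D29822A1FD77C84907D67708C4DACC04; Path=/ABCD\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)

def parse_set_cookies(raw_response):
    """Return [(name, domain, path, httponly)] per Set-Cookie header, in order."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    cookies = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        field, _, value = line.partition(":")
        if field.strip().lower() != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";") if p.strip()]
        name = parts[0].partition("=")[0].strip()
        attrs = {}
        for part in parts[1:]:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
        cookies.append((name, attrs.get("domain", ""), attrs.get("path", ""),
                        "httponly" in attrs))
    return cookies

def audit_cookies(raw_response):
    """Report cookies set more than once, or whose last Set-Cookie lacks HttpOnly."""
    seen = defaultdict(list)  # (name, domain, path) -> HttpOnly flags in header order
    for name, domain, path, httponly in parse_set_cookies(raw_response):
        seen[(name, domain, path)].append(httponly)
    findings = []
    for (name, _domain, path), flags in seen.items():
        if len(flags) > 1:
            findings.append((name, path, "set %d times in one response" % len(flags)))
        if not flags[-1]:  # the last header is the one the browser stores
            findings.append((name, path, "effective cookie lacks HttpOnly"))
    return findings

if __name__ == "__main__":
    for finding in audit_cookies(SAMPLE_RESPONSE):
        print(finding)
```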
