Maybe this is a duplicate question, but as far as I searched, the above question was related to Tomcat, and a few of those methods which I tried, like setting the http-only flag in web.xml, don't work with Sun ONE web server. So please suggest how to add http-only to JSESSIONID for a web application that runs on Sun ONE web server.

Thanks

1 Answer

The configuration is related to the version of the web-app and not to Tomcat or web server 6.0. The configuration below is possible only with version="3.0":

<web-app xmlns="http://java.sun.com/xml/ns/javaee"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://java.sun.com/xml/ns/javaee web-app_3_0.xsd"
      version="3.0">

      <!-- The configuration below is possible only in the version="3.0" -->
      <session-config>
        <cookie-config>
           <http-only>true</http-only>
        </cookie-config>
      </session-config>

</web-app>
Michael