How to enable HttpOnly for the JSESSIONID cookie in JBoss 4.2.3?

Note: JBoss 4.2.3 has an implementation of Servlet 2.4.

1 Answer

I'm afraid you can't... For the same kind of requirement, I had to patch a Tomcat class.

In Tomcat's org.apache.tomcat.util.http.ServerCookie.java

You can add this kind of property by changing the code in the appendCookieValue method (you can also check which cookie you want to apply this to...)

Greg Henry
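The kind of change the answer describes, as an added sketch that is not part of the original answer and is not Tomcat's code: a helper that a patched `appendCookieValue` could call on its buffer once the cookie has been serialized. The class name, helper names and cookie list are hypothetical, and the sample header values are constructed.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

/** Added sketch, not Tomcat source: logic a patched appendCookieValue could run last. */
public class HttpOnlySketch {

    // Assumption: the cookies that client-side script must never be able to read.
    private static final Set<String> HTTP_ONLY_COOKIES =
            new HashSet<String>(Arrays.asList("JSESSIONID"));

    /** Appends "; HttpOnly" to an already serialized cookie if its name is selected. */
    static void appendHttpOnly(StringBuffer buf, String cookieName) {
        if (cookieName == null || !HTTP_ONLY_COOKIES.contains(cookieName)) {
            return; // leave cookies that page script legitimately reads untouched
        }
        if (hasAttribute(buf.toString(), "httponly")) {
            return; // idempotent: never emit the attribute twice
        }
        buf.append("; HttpOnly");
    }

    /** True if the serialized cookie already carries the attribute (case-insensitive).
     *  Assumes the cookie value itself contains no ';' (no quoted version-1 values). */
    static boolean hasAttribute(String cookie, String attr) {
        String[] parts = cookie.split(";");
        for (int i = 1; i < parts.length; i++) { // parts[0] is name=value
            String p = parts[i].trim().toLowerCase(Locale.ENGLISH);
            if (p.equals(attr) || p.startsWith(attr + "=")) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample values, as they would look after normal serialization.
        String[][] samples = {
            {"JSESSIONID", "JSESSIONID=CONSTRUCTED0123; Path=/app"},
            {"JSESSIONID", "JSESSIONID=CONSTRUCTED0123; Path=/app; HttpOnly"},
            {"uiTheme", "uiTheme=dark; Path=/app"},
        };
        for (String[] s : samples) {
            StringBuffer buf = new StringBuffer(s[1]);
            appendHttpOnly(buf, s[0]);
            System.out.println("Set-Cookie: " + buf);
        }
    }
}
```

After deploying a patched class, confirm the result by inspecting the `Set-Cookie` response header for the session cookie rather than trusting the build.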