Http-only flag not working on tomcat 6 and servlet 2.5

Question

I want to make my cookie secure and http request only. I've seen many post like this and seem to work fine, but using configuration files and servlet +2.5. What I basically want to do is to set my cookie http only and (if possible) ssl only as well.

score 0 · Answer 1 · answered Jan 09 '20 at 09:26

0

Servlet 2.5 not support to allow cookies to be marked as HttpOnly. Servlet 3.0 has provision to allow cookies to be marked as HttpOnly.

answered Jan 09 '20 at 09:26

user12681417

1

Http-only flag not working on tomcat 6 and servlet 2.5

1 Answers1