Jboss 5. HttpOnly会话cookie

Question

How to configure JBoss 5.1.* to make session cookie HttpOnly? 如何配置JBoss 5.1。*以使会话cookie HttpOnly？

<Context useHttpOnly="true">

Doesn't work. 不起作用

Answer 1

Have you tried 你有没有尝试过

<SessionCookie secure="true" httpOnly="true" />

as explained here . 如这里解释。

Answer 2

I'm using JBoss [EAP] 5.0.1 and adding 我正在使用JBoss [EAP] 5.0.1并添加

<SessionCookie secure="true" httpOnly="true" />

in <myJBossServerInstancePath>/deploy/jbossweb.sar/context.xml 在<myJBossServerInstancePath> /deploy/jbossweb.sar/context.xml中

<Context cookies="true" crossContext="true">
    <SessionCookie secure="true" httpOnly="true" />
    ...

works perfectly (thanks Luciano). 完美地工作（感谢Luciano）。

Answer 3

Add 加

<SessionCookie secure="true" httpOnly="true" />

In $JBOSS_HOME/deploy/jbossweb.sar/context.xml 在$ JBOSS_HOME / deploy / jbossweb.sar / context.xml中

<Context cookies="true" crossContext="true">
   <SessionCookie secure="true" httpOnly="true" />

Make sure HTTPS/SSL configured in the server to work. 确保在服务器中配置的HTTPS / SSL可以正常工作。