How to configure JBoss 5.1.* to make session cookie HttpOnly?
<Context useHttpOnly="true">
Doesn't work.
I'm using JBoss [EAP] 5.0.1 and adding
<SessionCookie secure="true" httpOnly="true" />
in <myJBossServerInstancePath>/deploy/jbossweb.sar/context.xml
<Context cookies="true" crossContext="true">
<SessionCookie secure="true" httpOnly="true" />
...
works perfectly (thanks Luciano).
Add
<SessionCookie secure="true" httpOnly="true" />
In $JBOSS_HOME/deploy/jbossweb.sar/context.xml
<Context cookies="true" crossContext="true">
<SessionCookie secure="true" httpOnly="true" />
Make sure HTTPS/SSL is configured in the server for this to work.
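To confirm the setting took effect after a restart, look at the Set-Cookie header the server actually returns. The following is an added example, not part of the original question or answers: it scans raw response headers for the Secure and HttpOnly attributes on the session cookie. The cookie name JSESSIONID is assumed to be the container default, and the sample responses are constructed.

```python
# Added example: check a response's Set-Cookie headers for session cookie flags.
SESSION_COOKIE = "JSESSIONID"            # assumed servlet container default name
REQUIRED_FLAGS = ("secure", "httponly")  # attributes set by <SessionCookie .../>

# Constructed sample responses (not captured from a real server).
BEFORE = "HTTP/1.1 200 OK\r\nSet-Cookie: JSESSIONID=0123ABCD; Path=/app\r\n\r\n"
AFTER = ("HTTP/1.1 200 OK\r\n"
         "Set-Cookie: JSESSIONID=0123ABCD; Path=/app; Secure; HttpOnly\r\n\r\n")


def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, {attribute: value})."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts:
        return "", {}
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name, attrs


def missing_session_flags(raw_headers, cookie_name=SESSION_COOKIE):
    """Return the sorted list of required flags missing from the session cookie,
    or None if the response does not set that cookie."""
    result = None
    for line in raw_headers.splitlines():
        header, sep, value = line.partition(":")
        if not sep or header.strip().lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if name != cookie_name:
            continue
        missing = {f for f in REQUIRED_FLAGS if f not in attrs}
        # If the cookie is set more than once, report every flag any copy lacks.
        result = sorted(set(result or ()) | missing)
    return result


if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, "missing flags:", missing_session_flags(sample))
```

Because browsers only send a Secure cookie back over HTTPS, run the check against the response from the HTTPS connector.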