How to configure for session cookie as http-only

session session-cookies httponly
Romi picture Romi · Oct 20, 2011 · Viewed 10k times · Source

to set http-only I used this in web.xml

<session-config>
        <cookie-config>
        <http-only>true</http-only>
        </cookie-config>
    </session-config>

but it is not setting http-only. can any one suggest, what may be the problem. and how to set it.

Thanks.

Answer

fpacifici picture fpacifici · Oct 20, 2011

Which container are you using and in which version? pay attention since true can be used in web.xml only since servlet 3.0

Related questions

How to use cURL to send Cookies?

I read that Send cookies with curl works, but not for me. I have a REST endpoint as: class LoginResource(restful.Resource): def get(self): print(session) if 'USER_TOKEN' in session: return 'OK' return 'not authorized', 401 When I try …

Read More
Invalidating JSON Web Tokens

For a new node.js project I'm working on, I'm thinking about switching over from a cookie based session approach (by this, I mean, storing an id to a key-value store containing user sessions in a user's browser) to a …

Read More
How to delete cookies on an ASP.NET website

In my website when the user clicks on the "Logout" button, the Logout.aspx page loads with code Session.Clear(). In ASP.NET/C#, does this clear all cookies? Or is there any other code that needs to be added …

Read More