How to configure JBoss 5.1.* to make session cookie HttpOnly?
<Context useHttpOnly="true">
Doesn't work.
Have you tried
<SessionCookie secure="true" httpOnly="true" />
as explained here?
I'm using JBoss [EAP] 5.0.1 and adding
<SessionCookie secure="true" httpOnly="true" />
in <myJBossServerInstancePath>/deploy/jbossweb.sar/context.xml
<Context cookies="true" crossContext="true">
<SessionCookie secure="true" httpOnly="true" />
...
works perfectly (thanks Luciano).
Add
<SessionCookie secure="true" httpOnly="true" />
In $JBOSS_HOME/deploy/jbossweb.sar/context.xml
<Context cookies="true" crossContext="true">
<SessionCookie secure="true" httpOnly="true" />
Make sure HTTPS/SSL is configured in the server for this to work.
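To confirm the SessionCookie setting took effect, check the Set-Cookie header the server actually returns. The Python check below is an added example, not code from the question or answers; the response headers are constructed samples and the cookie name JSESSIONID (the servlet default) is an assumption.

```python
# Added example: audit Set-Cookie headers for the session cookie flags.
SESSION_COOKIE = "JSESSIONID"      # assumed: default servlet session cookie name
REQUIRED = ("httponly", "secure")  # the two flags set in context.xml above

# Constructed sample responses: before and after the context.xml change.
BEFORE = ("HTTP/1.1 200 OK\r\n"
          "Content-Type: text/html\r\n"
          "Set-Cookie: JSESSIONID=ABC123; Path=/app\r\n")
AFTER = ("HTTP/1.1 200 OK\r\n"
         "Content-Type: text/html\r\n"
         "Set-Cookie: JSESSIONID=ABC123; Path=/app; Secure; HttpOnly\r\n")


def cookie_flags(set_cookie_value):
    """Return (cookie_name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in set_cookie_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Attributes follow the first name=value pair, so a cookie *value*
    # that happens to contain "httponly" is never mistaken for the flag.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def missing_session_flags(raw_headers, cookie_name=SESSION_COOKIE):
    """List the missing flags for each Set-Cookie line of cookie_name.

    Returns None when the response does not set that cookie at all.
    """
    findings = None
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie":
            continue
        name, attrs = cookie_flags(value)
        if name != cookie_name:
            continue
        if findings is None:
            findings = []
        findings.append([f for f in REQUIRED if f not in attrs])
    return findings


if __name__ == "__main__":
    print("before:", missing_session_flags(BEFORE))
    print("after: ", missing_session_flags(AFTER))
```

An empty inner list means that Set-Cookie line carries both flags; because the cookie is marked Secure, the browser only returns it over HTTPS, which is why the last answer requires SSL to be configured.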