geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "gabriel.iliescu" <>
Subject HttpOnly on session cookie
Date Thu, 05 Aug 2010 20:29:44 GMT


In Tomcat versions 6.0.19 and later you have the option of setting the
useHttpOnly property in the conf\context.xml file. Tomcat will automatically
set the HttpOnly attribute on the JSESSIONID cookie:

<Context useHttpOnly="true">...</Context>

Is there a way to set this property in the latest version of Geronimo 2.1.4
and later which use Tomcat 6.0.20 and later? I've been trying to set it
(context.xml file in META-INF and in var\catalina\conf) and I've also tried
to find information online and on this forum on this but to no avail.


View this message in context:
Sent from the Users mailing list archive at

View raw message