tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 44382] Need to add support for HTTPOnly session cookie parameter
Date Sun, 31 Jan 2010 20:23:35 GMT

--- Comment #23 from August Detlefsen <> 2010-01-31 12:23:31 UTC
(In reply to comment #22)
> This has been applied to 5.5.x and will be included in 5.5.28 onwards.

On Tomcat 5.5.28, when using context.xml.default to setup attributes for all
contexts, this appears to have no effect. For example, in my
context.xml.default for a particular host I have: 

<Context reloadable="true" swallowOutput="true" crossContext="true"
allowLinking="true" unpackWAR="false" useHttpOnly="true">

And yet if I setup a page with: 

<script type="text/javascript">

I still get cookie information written to the output: 


Do I need to specify this individually for every context?

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message