On 15/01/2011 16:55, spring@gmx.eu wrote:
>
>> You will also need to set useHttpOnly=false on the Context. For
>> security, Tomcat sets the httpOnly flag on the cookie if
>> either of these
>> are true.
>
> Uh... Where is this documented? I was already looking for it...
the useHttpOnly flag is documented here:
http://tomcat.apache.org/tomcat-7.0-doc/config/context.html
The interaction between the settings isn't documented as far as I
recall. (Patches welcome)
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
|