tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: Applet, session-ID - TC 6 vs. TC7
Date Sat, 15 Jan 2011 17:04:55 GMT
On 15/01/2011 16:55, spring@gmx.eu wrote:
> 
>> You will also need to set useHttpOnly=false on the Context. For
>> security, Tomcat sets the httpOnly flag on the cookie if 
>> either of these
>> are true.
> 
> Uh... Where is this documented? I was already looking for it...

the useHttpOnly flag is documented here:
http://tomcat.apache.org/tomcat-7.0-doc/config/context.html

The interaction between the settings isn't documented as far as I
recall. (Patches welcome)

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message