tomcat-users mailing list archives

From "N.s.Karthik" <nskarthi...@gmail.com>
Subject HttpOnly
Date Tue, 12 Jun 2012 04:57:42 GMT
Hi

Spec
JDK1.6
Tomcat 6.0.10
OS: Win / Linux (Red Hat)
Browser: Chrome 19.0.x / IE8

For some specific reason we use Tomcat 6.0.10 for dev/deploy on an intranet.

I have Googled / Yahooed for the same: "HttpOnly".

One forum suggested using Filters and setting Cookie headers as an alternative for
handling "HttpOnly".

However, with this setting we are able to see multiple cookies being set:

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=A0A4EFD9A28E2C24D925B519EA9EC4F6; Path=/ABCD; HttpOnly
Set-Cookie: JSESSIONID=D29822A1FD77C84907D67708C4DACC04; Path=/ABCD
Content-Type: text/html
Content-Length: 2333
Date: Tue, 12 Jun 2012 04:46:29 GMT


Please, somebody explain to me why this is happening and how to prevent this
for Cross scripting Hack?


with regards
karthik


--
View this message in context: http://tomcat.10.n6.nabble.com/HttpOnly-tp4982369.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
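
An added example, not part of the original message and not Tomcat code: a Python check that audits a response's Set-Cookie headers for the pattern in the response quoted above, where the session cookie is issued twice and the last copy lacks HttpOnly. The function names, the list of sensitive cookie names and the treatment of a colon-less line as a wrapped continuation are assumptions of this example; the sample is the header block from the message.

```python
from collections import defaultdict

# Sample input: the response headers quoted in the message, wrapped line included.
SAMPLE = """HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=A0A4EFD9A28E2C24D925B519EA9EC4F6; Path=/ABCD;
HttpOnly
Set-Cookie: JSESSIONID=D29822A1FD77C84907D67708C4DACC04; Path=/ABCD
Content-Type: text/html
Content-Length: 2333
"""

def unfold(raw):
    """Return header lines, joining continuations onto the header before them.
    Assumption: a line with leading whitespace or no ':' is a wrapped continuation."""
    headers = []
    for line in raw.splitlines()[1:]:          # skip the status line
        if not line.strip():
            break                              # blank line ends the header block
        if headers and (line[0] in " \t" or ":" not in line):
            headers[-1] += " " + line.strip()
        else:
            headers.append(line.strip())
    return headers

def parse_set_cookie(value):
    """Split a Set-Cookie value into (cookie name, {lower-cased attribute: value})."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts:
        return "", {}
    attrs = {}
    for p in parts[1:]:
        k, _, v = p.partition("=")
        attrs[k.strip().lower()] = v.strip()
    return parts[0].partition("=")[0].strip(), attrs

def audit(raw, sensitive=("JSESSIONID",)):
    """Report sensitive cookies set more than once or ending up without HttpOnly."""
    seen = defaultdict(list)                   # (name, path) -> HttpOnly flag per header
    for h in unfold(raw):
        field, _, value = h.partition(":")
        if field.strip().lower() == "set-cookie":
            name, attrs = parse_set_cookie(value)
            seen[(name, attrs.get("path", ""))].append("httponly" in attrs)
    findings = []
    for (name, path), flags in seen.items():
        if name in sensitive and len(flags) > 1:
            findings.append(f"{name} (Path={path}) set {len(flags)} times in one response")
        # A later Set-Cookie with the same name and path replaces the earlier one.
        if name in sensitive and not flags[-1]:
            findings.append(f"{name} (Path={path}): last Set-Cookie lacks HttpOnly")
    return findings
```
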
