tomcat-users mailing list archives

From "N.s.Karthik" <>
Subject HttpOnly
Date Tue, 12 Jun 2012 04:57:42 GMT

Tomcat 6.0.10
O/S: Win / Linux (Red Hat)
Browser: Chrome 19.0.x / IE8

For some specific reason we use Tomcat 6.0.10 for Dev/Deploy on the INTRANET.

I have Googled / Yahooed for the same: "HttpOnly".

One forum suggested using Filters and setting Cookie headers as an alternative for
handling "HttpOnly".

However, with this setting we are able to see multiple cookies being set:

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=A0A4EFD9A28E2C24D925B519EA9EC4F6; Path=/ABCD;
Set-Cookie: JSESSIONID=D29822A1FD77C84907D67708C4DACC04; Path=/ABCD
Content-Type: text/html
Content-Length: 2333
Date: Tue, 12 Jun 2012 04:46:29 GMT

Please, somebody explain to me why this is happening and how to prevent this
for Cross scripting Hack?

with regards

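An added example, not part of the original message: a small Python audit of the response headers quoted in the post, reporting any cookie that is set more than once and any Set-Cookie header that lacks the HttpOnly attribute. The function names `parse_set_cookies` and `audit_cookies` are hypothetical, chosen for this sketch.

```python
from collections import defaultdict

# Response headers copied from the message above (sample input for the audit).
SAMPLE_RESPONSE = """HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=A0A4EFD9A28E2C24D925B519EA9EC4F6; Path=/ABCD;
Set-Cookie: JSESSIONID=D29822A1FD77C84907D67708C4DACC04; Path=/ABCD
Content-Type: text/html
Content-Length: 2333
Date: Tue, 12 Jun 2012 04:46:29 GMT
"""


def parse_set_cookies(raw_headers):
    """Return one dict per Set-Cookie header: name, value, attrs (lower-cased keys)."""
    cookies = []
    for line in raw_headers.splitlines():
        field, sep, content = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie":
            continue  # status line or some other header
        parts = [p.strip() for p in content.split(";") if p.strip()]
        if not parts or "=" not in parts[0]:
            continue  # malformed header without a name=value pair
        name, _, value = parts[0].partition("=")
        # Attributes such as Path=/x or the bare HttpOnly flag; names are case-insensitive.
        attrs = {k.strip().lower(): v.strip() for k, _, v in (p.partition("=") for p in parts[1:])}
        cookies.append({"name": name.strip(), "value": value, "attrs": attrs})
    return cookies


def audit_cookies(raw_headers):
    """Report cookies set more than once per (name, path) and headers missing HttpOnly."""
    findings = []
    by_key = defaultdict(list)
    for c in parse_set_cookies(raw_headers):
        by_key[(c["name"], c["attrs"].get("path", ""))].append(c)
    for (name, path), group in sorted(by_key.items()):
        if len(group) > 1:
            distinct = len({c["value"] for c in group})
            findings.append(f"{name} (Path={path}) set {len(group)} times, {distinct} distinct values")
        missing = sum(1 for c in group if "httponly" not in c["attrs"])
        if missing:
            findings.append(f"{name} (Path={path}) missing HttpOnly on {missing} of {len(group)} headers")
    return findings


if __name__ == "__main__":
    for finding in audit_cookies(SAMPLE_RESPONSE):
        print(finding)
```
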