tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Konstantin Kolinko <knst.koli...@gmail.com>
Subject Re: How to use the usehttponly feature in application level
Date Tue, 04 Dec 2012 13:16:13 GMT
2012/12/4  <techienote.com@gmail.com>:
> Hi Zhi,
>
> You can set following parameters in web.xml of application.
>
> <session-config>
> <cookie-config>
> <http-only>true</http-only>
> <secure>true</secure>
> </cookie-config>
> </session-config>

+1. This is the best way.

Note, that your web application should be using Servlet 3.0
specification (as declared at the top of your web.xml file) to use
this feature.

Best regards,
Konstantin Kolinko

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message