Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] embedded jetty - set httponly cookies

Jetty 7 is old ... VERY old now ...

It was supporting Servlet 2.5, which didn't support setting the HttpOnly option in the cookies.
The result was that the only way to set that was to do it via the SessionManager directly.

However, lots has changed since then.
Jetty 9 is Servlet 3.1, it has a javax.servlet.SessionCookieConfig object

http://docs.oracle.com/javaee/7/api/javax/servlet/SessionCookieConfig.html

In there, you will find setHttpOnly(boolean)
http://docs.oracle.com/javaee/7/api/javax/servlet/SessionCookieConfig.html#setHttpOnly-boolean-

You can choose to use the ServletContext when the webapp is started (or starting) and configure it using normal servlet initialization techniques.

Or you can use the same object via the SessionManager.

webappcontext.getSessionHandler().getSessionManager().getSessionCookieConfig().setHttpOnly(true);


Joakim Erdfelt / joakim@xxxxxxxxxxx

On Wed, Dec 23, 2015 at 6:06 PM, Benjamin Jaton <benjamin.jaton@xxxxxxxxx> wrote:
but no luck.
Any pointers?

Thanks
Ben

_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users


Back to the top