[jetty-users] Jetty 9.4.5 HttpOnly.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[jetty-users] Jetty 9.4.5 HttpOnly.

From: Lord Buddha <lord.buddha@xxxxxxxxx>
Date: Thu, 18 May 2017 11:07:34 +1200
Delivered-to: jetty-users@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/jetty-users>
List-help: <mailto:jetty-users-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=unsubscribe>

Is it/should it possible to use jetty.base/etc/webdefault.xml to default the setting of HttpOnly to true for the session cookie.

Have tried

<session-config>
    <session-timeout>30</session-timeout>
    <cookie-config>
      <http-only>true</http-only>
    </cookie-config>
</session-config>

and

<session-config>
    <session-timeout>30</session-timeout>
    <http-only>true</http-only>
</session-config>

or is there some other alternate besides doing in the apps web.xml ?

/David

Follow-Ups:
- Re: [jetty-users] Jetty 9.4.5 HttpOnly.
  - From: Jan Bartel

Prev by Date: Re: [jetty-users] Old war file doesn't work with new jetty
Next by Date: Re: [jetty-users] Jetty 9.4.5 HttpOnly.
Previous by thread: [jetty-users] Old war file doesn't work with new jetty
Next by thread: Re: [jetty-users] Jetty 9.4.5 HttpOnly.
Index(es):
- Date
- Thread

Breadcrumbs