Re: [jetty-users] Jetty 9.4.5 HttpOnly.

Have you tried specifying <name>JSESSIONID</name> or whatever the name of the cookie is that you want to use inside the <cookie-config>? Let me know if that works; I'll see if we're not defaulting it to JSESSIONID if not supplied.

Jan

On 18 May 2017 at 01:07, Lord Buddha <lord.buddha@xxxxxxxxx> wrote:
Is it/should it be possible to use jetty.base/etc/webdefault.xml to default the setting of HttpOnly to true for the session cookie?

Have tried

  <session-config>
    <session-timeout>30</session-timeout>
    <cookie-config>
      <http-only>true</http-only>
    </cookie-config>
  </session-config>

and

  <session-config>
    <session-timeout>30</session-timeout>
    <http-only>true</http-only>
  </session-config>

Or is there some other alternative besides doing it in the app's web.xml?

/David


--
Jan Bartel <janb@xxxxxxxxxxx>
www.webtide.com
Expert assistance from the creators of Jetty and CometD
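
A way to check from the outside whether a given configuration took effect, as an added example that is not part of the original thread and not Jetty code: it parses the Set-Cookie headers of a response and reports whether the session cookie carries HttpOnly. The sample responses are constructed and the function names are this example's own.

```python
"""Check whether a session cookie in an HTTP response carries HttpOnly."""

# Constructed sample responses (not captured from a real Jetty server).
RESPONSE_WITHOUT_FLAG = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: JSESSIONID=node01abc.node0; Path=/app\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)
RESPONSE_WITH_FLAG = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: theme=dark; Path=/\r\n"
    "set-cookie: JSESSIONID=node01abc.node0; Path=/app; httponly\r\n"
    "\r\n"
)


def set_cookie_headers(raw_response):
    """Yield the value of every Set-Cookie header in the response head."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "set-cookie":
            yield value.strip()


def session_cookie_http_only(raw_response, cookie_name="JSESSIONID"):
    """Return True/False for the HttpOnly flag, or None if the cookie is not set."""
    result = None
    for header in set_cookie_headers(raw_response):
        pair, *attributes = [part.strip() for part in header.split(";")]
        if pair.partition("=")[0].strip() != cookie_name:
            continue
        # Attribute names are case-insensitive; HttpOnly takes no value.
        flags = {attr.partition("=")[0].strip().lower() for attr in attributes}
        has_flag = "httponly" in flags
        # If the cookie is set more than once, every occurrence must carry the flag.
        result = has_flag if result is None else (result and has_flag)
    return result


if __name__ == "__main__":
    for label, response in (("without flag", RESPONSE_WITHOUT_FLAG),
                            ("with flag", RESPONSE_WITH_FLAG)):
        print(label, "->", session_cookie_http_only(response))
```

A `None` result means no cookie with that name was set at all, which is worth telling apart from a cookie set without the flag when the cookie name itself is in question.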

