cookie = new Cookie(sessionId, cookieValue);
cookie.setVersion(1);
response.addCookie(cookie);
Thanks,
Kal
--
View this message in context:
http://www.nabble.com/Tomcat-Experts---Need-help-with-Cookie-support-in-6.0.18-tp18980912p18980912.html
Sent from the Tomcat - User
With 6.0.18 : ; Path=/; HttpOnly [literally] becomes part of the
cookie value. [That it worked before was sheer luck.]
-Tim
KalChitown wrote:
We recently upgraded from 6.0.14 to 6.0.18 due to an XSS security alert we
received.
The following code was working in 6.0.14 version but not in
a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
View this message in context:
http://www.nabble.com/Tomcat-Experts---Need-help-with-Cookie-support-in-6.0.18-tp18980912p18982955.html
Sent from
A cookie is composed of many parts such as:
name, value, path, expiration, secure
Cookie.setValue is only meant to set the value of the cookie. Your code
had the lucky side effect of setting the path and the HttpOnly flag.
If you wish to set a cookie with the HttpOnly flasg set - you need to
