Unfortunately we don't use Tomcat. We use Sun Web Server 7, version: Sun Java System Web Server 7.0U6 B08/16/2009 06:32
Sue Walker-Thornton Software Developer/Database Administrator NASA Langley Research Center|LITES Contract (757) 224-4074 -----Original Message----- From: Stuart Lewis [mailto:[email protected]] Sent: Thursday, April 28, 2011 4:34 PM To: Thornton, Susan M. (LARC-B702)[LITES] Cc: [email protected] Subject: Re: [Dspace-tech] Setting JSESSIONID cookie to httpOnly in DSpace 1.5.1 Hi Sue, > Can someone help me figure out the correct code to use if I wanted to modify > DSpace 1.5.1 to set the JSESSIONID cookie to httpOnly, and where would be the > best place to put it? Header-default.jsp? Index.jsp? > Any help would very much be appreciated. If you are running a recent-ish version of Tomcat, you can set this in [tomcat]/conf/context.xml: Change: <Context> to <Context useHttpOnly="true"> I was able to verify it was set by using Firebug+FireCookie in Firefox. Thanks, Stuart Lewis Digital Development Manager Te Tumu Herenga The University of Auckland Library Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand Ph: +64 (0)9 373 7599 x81928 ------------------------------------------------------------------------------ WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd _______________________________________________ DSpace-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dspace-tech
