Is it/should it possible to use jetty.base/etc/webdefault.xml to default
the setting of HttpOnly to true for the session cookie.
Have tried
<session-config>
<session-timeout>30</session-timeout>
<cookie-config>
<http-only>true</http-only>
</cookie-config>
</session-config>
and
<session-config>
<session-timeout>30</session-timeout>
<http-only>true</http-only>
</session-config>
or is there some other alternate besides doing in the apps web.xml ?
/David
_______________________________________________
jetty-users mailing list
[email protected]
To change your delivery options, retrieve your password, or unsubscribe from
this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users
