Actually don't bother following my suggestion, I've checked the code and I can't reproduce the problem at all. Are you sure you've told your webapp to use $jetty.base/etc/webdefault.xml as its defaultsdescriptor?
Jan On 18 May 2017 at 09:02, Jan Bartel <[email protected]> wrote: > Have you tried specifying <name>JSESSIONID</name> or whatever the name of > the cookie is that you want to use inside the <cookie-config>? Let me know > if that works, I'll see if we're not defaulting it to JSESSIONID if not > supplied. > > Jan > > On 18 May 2017 at 01:07, Lord Buddha <[email protected]> wrote: > >> Is it/should it possible to use jetty.base/etc/webdefault.xml to default >> the setting of HttpOnly to true for the session cookie. >> >> Have tried >> >> <session-config> >> <session-timeout>30</session-timeout> >> <cookie-config> >> <http-only>true</http-only> >> </cookie-config> >> </session-config> >> >> and >> >> <session-config> >> <session-timeout>30</session-timeout> >> <http-only>true</http-only> >> </session-config> >> >> or is there some other alternate besides doing in the apps web.xml ? >> >> /David >> >> _______________________________________________ >> jetty-users mailing list >> [email protected] >> To change your delivery options, retrieve your password, or unsubscribe >> from this list, visit >> https://dev.eclipse.org/mailman/listinfo/jetty-users >> > > > > -- > Jan Bartel <[email protected]> > www.webtide.com > *Expert assistance from the creators of Jetty and CometD* > > -- Jan Bartel <[email protected]> www.webtide.com *Expert assistance from the creators of Jetty and CometD*
_______________________________________________ jetty-users mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/jetty-users
