Use the Servlet spec javax.servlet.SessionCookieConfig.setHttpOnly(boolean)
http://docs.oracle.com/javaee/7/api/javax/servlet/SessionCookieConfig.html ServletContext.getSessionCookieConfig() is the mechanism to access it. If you are using a WebAppContext use webappcontext.getServletContext().getSessionCookieConfig() If you are using a ServletContextHandler user servletcontexthandler.getServletContext().getSessionCookieConfig() You can also use a ServletContextListener.contextInitialized() event to access the ServletContext.getSessionCookieConfig() If you are manually setting up the Session handling, then you can use the SessionHandler.getSessionCookieConfig() Joakim Erdfelt / [email protected] On Mon, Oct 9, 2017 at 6:45 AM, Olaf van der Meer <[email protected]> wrote: > Hi, > > > > I recently updated from Jetty 8.1.x to 9.4.7. > > > > I am looking for the replacement how to set the server to accept httponly > cookies. > > This is what I did before: sessionHandler.getSessionManager(). > getSessionCookieConfig().setHttpOnly( true ); > > > > In the version 9.4.7 the SessionHandler has no getSessionManager(). > > > > > > How can I set httponly in jetty 9.4.x? > > > > Thanks, > > Olaf. > > > > _______________________________________________ > jetty-users mailing list > [email protected] > To change your delivery options, retrieve your password, or unsubscribe > from this list, visit > https://dev.eclipse.org/mailman/listinfo/jetty-users >
_______________________________________________ jetty-users mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/jetty-users
