Hi, In Tomcat versions 6.0.19 and later you have the option of setting the useHttpOnly property in the conf\context.xml file. Tomcat will automatically set the HttpOnly attribute on the JSESSIONID cookie:
<Context useHttpOnly="true">...</Context> Is there a way to set this property in the latest version of Geronimo 2.1.4 and later which use Tomcat 6.0.20 and later? I've been trying to set it (context.xml file in META-INF and in var\catalina\conf) and I've also tried to find information online and on this forum on this but to no avail. Thanks! Gabriel -- View this message in context: http://apache-geronimo.328035.n3.nabble.com/HttpOnly-on-session-cookie-tp1027676p1027676.html Sent from the Users mailing list archive at Nabble.com.
