Hi,
I need to enable the session security cookie to httponly.I tried to update the
context.xml
<!-- The contents of this file will be loaded for each web application -->
<Context useHttpOnly="true">
<!-- Default set of monitored resources -->
<WatchedResource>WEB-INF/web.xml</WatchedResource>
<!-- Uncomment this to disable session persistence across Tomcat restarts
-->
<!--
<Manager pathname="" />
-->
But it doesn't work.
"CONFIDENTIALITY NOTICE: This message and any attachment are confidential and
may also be privileged. If you are not the intended recipient of this e-mail
you may not copy, forward, disclose or otherwise use it or any part of it in
any form whatsoever. If you are not the intended recipient please telephone or
e-mail the sender and delete this message and any attachment from your system."