Hi
I was trying to disable httponly in the setcookie header from tomcat
reponse , can some one let me know how to disable it
i have tried these 2 but didn't help me
1.) web.xml
<session-config>
<cookie-config>
<http-only>false</http-only>
</cookie-config>
</session-config>
2.) context.xml
useHttpOnly="false"
</Context>
curl -I http://localhost:8801
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=7A54CAEC2733B3AB015ED09F9A68C72A; Path=/; *HttpOnly*
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 305
Date: Wed, 09 Mar 2016 15:41:48 GMT
*Server version: Apache Tomcat/8.0.30Server built: Dec 1 2015 22:30:46
UTC*
Server number: 8.0.30.0
OS Name: Linux
OS Version: 3.10.0-229.el7.x86_64
Architecture: amd64
JVM Version: 1.8.0_73-b02
JVM Vendor: Oracle Corporation
