We recently upgraded from 6.0.14 to 6.0.18 due to an XSS security alert we received.
The following code was working in 6.0.14 version but not in 6.0.18. Can anyone explain this or a work around. String sessionId = "Our session ID"; String cookieValue = sessionId + "; Path=/; HttpOnly "; Cookie cookie = new Cookie("sessionId", cookieValue); cookie.setVersion(1); response.addCookie(cookie); Thanks, Kal -- View this message in context: http://www.nabble.com/Tomcat-Experts---Need-help-with-Cookie-support-in-6.0.18-tp18980912p18980912.html Sent from the Tomcat - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]