Hi Spec JDK1.6 Tomcat 6.0.10 O/s Win / Linux(r-Hat) Browser : Crome 19.0.x / IE8
For some specific Reason We use Tomcat 6.0.10 for Dev/Deploy in INTRANET. I have Googled / Yahooed for the same..... "HttpOnly" 1 form suggested to use Filters and set Cookie Headers as alternative for Handling "HttpOnly" How ever with this setting we are able to see multiple Cookies being set *HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Set-Cookie: JSESSIONID=A0A4EFD9A28E2C24D925B519EA9EC4F6; Path=/ABCD; HttpOnly Set-Cookie: JSESSIONID=D29822A1FD77C84907D67708C4DACC04; Path=/ABCD Content-Type: text/html Content-Length: 2333 Date: Tue, 12 Jun 2012 04:46:29 GMT* Please some body explain me Why this is happening and how to prevent this for Cross scripting Hack ??? with regards karthik -- View this message in context: http://tomcat.10.n6.nabble.com/HttpOnly-tp4982369.html Sent from the Tomcat - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org