[Logo] Terracotta Discussion Forums (LEGACY READ-ONLY ARCHIVE)
  [Search] Search   [Recent Topics] Recent Topics   [Members]  Member Listing   [Groups] Back to home page 
[Register] Register /  [Login] Login 
[Expert]
Set httpOnly flag for JSESSIONID  XML
Forum Index -> Terracotta for Web Sessions
Author Message
[Post New]05/08/2012 03:55:54
    Subject: Set httpOnly flag for JSESSIONID
[Up]
arnsch

neo

Joined: 10/24/2011 07:47:38
Messages: 6
Offline
How can i set the httpOnly flag for the cookie JSESSIONID?
I'm using terracotta-session-1.1.2 with tomcat 6.0.32.
[Post New]05/08/2012 08:33:38
    Subject: Aw:Set httpOnly flag for JSESSIONID
[Up]
arnsch

neo

Joined: 10/24/2011 07:47:38
Messages: 6
Offline
Adding the flag <Context ... useHttpOnly="true"> in the tomcat configuration file (server.xml) has no effect. It seems terracotta ignores this flag. Without the TerracottaTomcat60xSessionValve it work as expected.
[Post New]08/23/2012 01:20:56
    Subject: Re:Set httpOnly flag for JSESSIONID
[Up]
rmahajan

journeyman

Joined: 12/28/2011 21:53:45
Messages: 47
Offline
I believe the httpOnly option is supported for Tomcat 7 onwards in Terracotta , as this option was originally introduced with Tomcat 7. Can you try with Tomcat 7 and let us know if that works for you.


 
Forum Index -> Terracotta for Web Sessions
Go to:   
Powered by JForum 2.1.7 © JForum Team