[jboss-user] HttpOnly and jboss

pat pat at xvalheru.org
Wed Sep 8 04:18:08 EDT 2010


I'm new to this list. I want to setup usage of HttpOnly for cookies for
enterprise application, but without luck.

I've searched and found these:
1) Jboss 4.3 - add useHttpOnly="true" attribute to Context element in the web
application's context.xml
2) Jboss 5.x - add new element as subelement of the Context element in the web
application's context.xml; the element is <SessionCookie httpOnly="true"/>
(I've also try <SessionCookie path="/" httpOnly="true"/>)

None of these works for me.

The application is a enterprise application with web application packed in the
WAR archive. I've changed the context.xml which is in the WEB-INF directory of
the web application.

To check if the HttpOnly presents I'm using "Live HTTP headers" Firefox plug-in.

I'm sure I've missed something, but what I cannot find.

Thanks for help


Freehosting PIPNI - http://www.pipni.cz/

More information about the jboss-user mailing list