This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Talk:HttpOnly

From OWASP

Revision as of 13:41, 18 June 2010 by Simon Bennetts (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to: navigation, search

Tomcat configuration

Tomcat versions from 5.5.28 and 6.0.19 support the HttpOnly cookie option.

This is configured in the conf/context.xml file:

<Context useHttpOnly="true">
...
</Context>

Simon Bennetts 14:40, 18 June 2010 (UTC)

Retrieved from "https://wiki.owasp.org/index.php?title=Talk:HttpOnly&oldid=85101"