This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Talk:HttpOnly
From OWASP
Tomcat configuration
Tomcat versions from 5.5.28 and 6.0.19 support the HttpOnly cookie option.
This is configured in the conf/context.xml file:
<Context useHttpOnly="true"> ... </Context>
Simon Bennetts 14:40, 18 June 2010 (UTC)
