I have to set the HttpOnly and the Secure flag in cookies.
There are some manuals on how to set HttpOnly:
"In Tomcat 6 flag useHttpOnly=True in context.xml to force this behaviour for applications, including Tomcat-based frameworks like JBoss."
The context.xml can be found in jboss/server/<myserver>/deploy/jbossweb.sar/context.xml
Now it looks like this:
<!-- The contents of this file will be loaded for each web application -->
<Context cookies="true" crossContext="true" useHttpOnly="true">
   <!-- Session persistence is disable by default. To enable for all web
   apps set the pathname to a non-empty value:
   <Manager pathname="SESSIONS.ser" />
   To enable session persistence for a single web app, add a
   -->
   <Manager pathname="" />
   <!-- Install an InstanceListener to handle the establishment of the run-as
   role for servlet init/destroy events.
   -->
</Context>
Regrettably, it doesn't work.
I wasn't able to find a manual on how to set the Secure flag, either.
Can anyone help me?
Thanks in advance.