I have read here and here, and the solution is for setting HttpOnly. Is there a way to also set the secure cookie flag?
Currently I am using the method described in the OWASP page to set HttpOnly:
response.setHeader("SET-COOKIE", "JSESSIONID=" + sessionid + "; HttpOnly; secure ");
However, when I view the cookie in the browser, the HttpOnly and secure flags did not appear. Are the parameters case sensitive?
I am also using GlassFish v2.1, and I have come to know that it is Java EE 5 and the servlet version is 2.5, and that I can configure HttpOnly.
Thanks
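
An added example, not part of the original post or the OWASP page: one way to write the session cookie with both flags from a filter on a Servlet 2.5 container. The filter name, its web.xml mapping, and the choice to emit Secure only for HTTPS requests are assumptions.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical filter (name is an assumption). Map it to /* in web.xml ahead
// of other filters: Servlet 2.5 has no <cookie-config>, so flags are added by hand.
public class SessionCookieFlagsFilter implements Filter {
    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Create the session before any output: a header set after the
        // response is committed is ignored.
        HttpSession session = request.getSession(true);
        if (session.isNew() && !response.isCommitted()) {
            // setHeader (as in the post) overwrites any Set-Cookie value set
            // earlier, so this must run before the application adds cookies.
            response.setHeader("Set-Cookie", buildSessionCookie(
                    session.getId(), request.getContextPath(), request.isSecure()));
        }
        chain.doFilter(req, res);
    }

    // Attribute names are case-insensitive (RFC 6265): "secure" == "Secure".
    static String buildSessionCookie(String id, String contextPath, boolean secure) {
        // Session ids come from the container; still refuse characters that
        // would end the value or split the header.
        for (int i = 0; i < id.length(); i++) {
            char c = id.charAt(i);
            if (c == ';' || c == ',' || c <= ' ' || c > '~') {
                throw new IllegalArgumentException("unexpected character in session id");
            }
        }
        String path = (contextPath == null || contextPath.length() == 0) ? "/" : contextPath;
        StringBuilder sb = new StringBuilder("JSESSIONID=").append(id)
                .append("; Path=").append(path)
                .append("; HttpOnly");
        // Secure only on HTTPS requests: over plain HTTP the browser would not
        // send the cookie back. Behind a TLS-terminating proxy isSecure() may be false.
        if (secure) sb.append("; Secure");
        return sb.toString();
    }
}
```

To confirm the result, inspect the raw Set-Cookie response header rather than only the browser's cookie list.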