Set login cookie 'secure' and 'HTTP only' flags

Hello,

I would like to add cookie flags - secure and http only - to session cookie. Currently they are not set.

Can I do that easily? Should I modify context.xml?

Regards,
Grzegorz

Hi,

Your question is more relevant to the server that you are using, not to the platform. Anyway, I can suggest that you can either setup httpOnly in your server (for instance, Tomcat 8) or for java web application, see the following links:

Regards,
Gleb

1 Like

Yes, you are right. I solved it using web.xml. Thanks for your support.