1. Re: How to set HttpOnly for session cookie ?
jfclere Jan 16, 2012 6:52 AM (in response to shantanu.u)
Hm code?
2. Re: How to set HttpOnly for session cookie ?
shantanu.u Jan 17, 2012 10:07 AM (in response to jfclere)
Servlet Filter code is here:

    // SECURE_FLAG is referenced but not shown in the post; assumed to be defined in the filter class like this
    private static final String SECURE_FLAG = "; Secure";

    public void doFilter(final ServletRequest req, final ServletResponse res, final FilterChain filterChain)
            throws IOException, ServletException {
        final HttpServletResponse response = (HttpServletResponse) res;
        final HttpServletRequest request = (HttpServletRequest) req;
        if (response.containsHeader("SET-COOKIE")) { // ******* this is the check that never returns true
            // rebuild the session cookie with HttpOnly (and Secure on HTTPS)
            response.setHeader("SET-COOKIE", "JSESSIONID=" + request.getSession().getId() + "; Path=" + request.getContextPath()
                    + "; HttpOnly" + (request.isSecure() ? SECURE_FLAG : ""));
        }
        filterChain.doFilter(req, res);
    }

This works fine in tomcat 6.0. The line ******* just does not return true. I use Paros middle man proxy and I can see the "Set-Cookie" header getting generated (it's not case sensitive, so that's not the problem).
3. Re: How to set HttpOnly for session cookie ?
jfclere Jan 18, 2012 4:43 AM (in response to shantanu.u)
You should have logic after the filterChain.doFilter(req, res);
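Following that advice, here is an added example (not code from either poster) of the same filter with the header rewrite moved after filterChain.doFilter; it also checks isCommitted, because once the response has been flushed setHeader is silently ignored and the cookie leaves without the flag. The class name and the buildSessionCookie helper are my own.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

/** Hypothetical filter (added example, not from the thread): hardens JSESSIONID after the chain has run. */
public class HttpOnlySessionCookieFilter implements Filter {
    private ServletContext context;

    public void init(FilterConfig config) { context = config.getServletContext(); }
    public void destroy() { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Run the application first: the container writes the JSESSIONID Set-Cookie header only
        // when something down the chain creates the session, so a containsHeader check made
        // before this point is always false.
        chain.doFilter(req, res);

        // getSession(false) never creates a session, so we only rewrite a cookie the container sent.
        HttpSession session = request.getSession(false);
        if (session == null || !response.containsHeader("Set-Cookie")) {
            return;
        }
        if (response.isCommitted()) {
            // Headers already went to the client (servlet flushed or exceeded the buffer);
            // setHeader would be silently ignored, so record that the cookie left unhardened.
            context.log("JSESSIONID sent without HttpOnly: response already committed for " + request.getRequestURI());
            return;
        }
        // setHeader replaces every Set-Cookie header, so any other cookie the application added
        // in this response is dropped; that is the price of this Servlet 2.5 era workaround.
        response.setHeader("Set-Cookie", buildSessionCookie(request, session.getId()));
    }

    /** Rebuilds the session cookie: context path ("/" for the root context), HttpOnly, and Secure over TLS. */
    static String buildSessionCookie(HttpServletRequest request, String sessionId) {
        String path = request.getContextPath().length() == 0 ? "/" : request.getContextPath();
        String cookie = "JSESSIONID=" + sessionId + "; Path=" + path + "; HttpOnly";
        return request.isSecure() ? cookie + "; Secure" : cookie;
    }
}
```

Tomcat 6.0.19 and later can set the flag itself via useHttpOnly="true" on the Context element, which avoids both the committed-response and the dropped-cookie limitations of this filter.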