3 Replies Latest reply on Nov 10, 2012 5:09 AM by jfclere

    How to Add the 'HttpOnly' attribute to all session cookies in web applications running in jboss-4.0.3SP1

    srinu_ammina

      Dear Team,

       

      We recently underwent a security audit, and it mentioned 'Missing HttpOnly Attribute in Session Cookie' with the recommendation 'Add the 'HttpOnly' attribute to all session cookies'.

      We are running a web application developed in JSP/Java technology and running in a jboss-4.0.3SP1 application server.

       

      Could you please let us know where exactly we need to make this setting?

       

      Thanks

      Srinivasa Rao Ammina
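
To re-check the audit finding quoted in the post above after any change, the following added example (not part of the original post and not JBoss code) parses `Set-Cookie` response headers and lists session cookies that lack the `HttpOnly` attribute. The cookie names `JSESSIONID` and `JSESSIONIDSSO` and the sample headers are assumptions constructed for illustration.

```python
# Constructed sample response headers (not captured from a real server).
SAMPLE_HEADERS = """\
HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=0123456789ABCDEF; Path=/app
Set-Cookie: JSESSIONIDSSO=FEDCBA9876543210; Path=/; HttpOnly; Secure
Set-Cookie: theme=HttpOnly; Path=/
Content-Type: text/html
"""

# Assumption: names the container uses for session cookies, compared lower-cased.
SESSION_COOKIE_NAMES = {"jsessionid", "jsessionidsso"}


def parse_set_cookie(value):
    """Split a Set-Cookie value into (cookie name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Attributes follow the first ';'. The cookie *value* is never treated as an
    # attribute, so a cookie whose value is the text "HttpOnly" is still flagged.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def cookies_missing_httponly(raw_headers, session_only=True):
    """Return names of cookies set without HttpOnly, in header order."""
    findings = []
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie":
            continue  # status line or some other header
        name, attrs = parse_set_cookie(value)
        if session_only and name.lower() not in SESSION_COOKIE_NAMES:
            continue
        if "httponly" not in attrs:  # attribute names are case-insensitive
            findings.append(name)
    return findings


if __name__ == "__main__":
    for cookie in cookies_missing_httponly(SAMPLE_HEADERS):
        print("Missing HttpOnly:", cookie)
```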