We are upgrading to 7.1.1 Final and use the SSO functionality between our web applications.  I can set the JSESSIONID cookie to HttpOnly in the web.xml file, but I'm looking for a way to configure the SSO cookie with HttpOnly.  I have attempted to do it through the jboss-web.xml file (below), but it doesn't work:

<valve>

        <class-name>org.apache.catalina.authenticator.SingleSignOn</class-name>

        <param>

            <param-name>cookieHttpOnly</param-name>

            <param-value>true</param-value>

        </param>

    </valve>

Any help would be appreciated.

Thanks!

Cory.