We are upgrading to 7.1.1 Final and use the SSO functionality between our web applications. I can set the JSESSIONID cookie to HttpOnly in the web.xml file, but I'm looking for a way to configure the SSO cookie with HttpOnly. I have attempted to do it through the jboss-web.xml file (below), but it doesn't work:
<valve>
    <class-name>org.apache.catalina.authenticator.SingleSignOn</class-name>
    <param>
        <param-name>cookieHttpOnly</param-name>
        <param-value>true</param-value>
    </param>
</valve>
Any help would be appreciated.
Thanks!
Cory.
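
One way to check which cookies actually carry HttpOnly after a configuration change like the one above, as an added example that is not part of the original post: it parses a raw response header block and lists the cookies set without the flag. The SSO cookie name `JSESSIONIDSSO`, the paths and the sample response are assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class CookieFlags:
    name: str
    http_only: bool
    secure: bool


def parse_set_cookie(header_value):
    """Parse one Set-Cookie header value into its name and security flags."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Attribute names are case-insensitive; HttpOnly and Secure carry no value.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return CookieFlags(name, "httponly" in attrs, "secure" in attrs)


def audit_response(raw_headers):
    """Map cookie name -> CookieFlags for every Set-Cookie line in the block."""
    cookies = {}
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        if sep and field.strip().lower() == "set-cookie":
            flags = parse_set_cookie(value.strip())
            cookies[flags.name] = flags
    return cookies


def missing_http_only(raw_headers, names=None):
    """Names of cookies set without HttpOnly (optionally limited to `names`)."""
    cookies = audit_response(raw_headers)
    return sorted(
        c.name for c in cookies.values()
        if not c.http_only and (names is None or c.name in names)
    )


# Constructed sample: session cookie hardened via web.xml, SSO cookie not.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\n"
    "Content-Type: text/html\n"
    "Set-Cookie: JSESSIONID=CONSTRUCTED-SESSION-ID; Path=/app1; HttpOnly\n"
    "Set-Cookie: JSESSIONIDSSO=CONSTRUCTED-SSO-ID; Path=/\n"
)

if __name__ == "__main__":
    for name in missing_http_only(SAMPLE_RESPONSE):
        print("Set-Cookie without HttpOnly:", name)
```

Feed it the headers captured from a login response (for example, saved from a browser's network panel) before and after each configuration attempt.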