Hello. Are there any plans to support the HttpOnly cookie flag in the session cookie (JSESSIONID) of JBoss? Tomcat is on route to support this security flag.
do you have informations about the availability of this option in JBoss?
It has been implemented in Tomcat 5.5.28 and 6.0.19.