Members please hlep me out on this one. I would like to configure Jboss to set up httponly,secure, and maxage parameters in the headers. I found one posts saying that it can be set inside of the SessionCookie element inside of the context.xml. I googled a lot but didn't find these things being mentioned in Jboss community. Can anyone please confirm this with proper url.