0 Replies Latest reply on Jan 31, 2013 5:18 PM by sbourguiba

    JBoss 7 - HttpOnly flag for SSO Cookies

    sbourguiba

      Hi all,

       

      I want the client browser to block access to the JSESSIONIDSSO cookie for client-side scripts.

      I have already fixed this configuration for the JSESSIONID cookie by adding <cookie-config><http-only>true</http-only></cookie-config> in the web.xml file,

      but I am still searching for a solution for the JSESSIONIDSSO cookie.

       

      Any ideas?

       

      Thanks in advance,
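
A way to check which of the two cookies named in the post actually carries the HttpOnly attribute in a server response. This is an added example, not part of the original post or of JBoss; the response headers are constructed sample data, and the function names are hypothetical.

```python
# Added example: audit Set-Cookie headers for the HttpOnly attribute.
# SAMPLE_HEADERS is constructed data modelled on the situation in the post
# (JSESSIONID flagged, JSESSIONIDSSO not); it is not captured server output.
SAMPLE_HEADERS = [
    "Set-Cookie: JSESSIONID=abc123.node1; Path=/app; HttpOnly",
    "Set-Cookie: JSESSIONIDSSO=def456; Path=/",
    "Content-Type: text/html",
]

# Exact names matter: JSESSIONID is a prefix of JSESSIONIDSSO, so a substring
# search would report the wrong cookie.
WATCHED = ("JSESSIONID", "JSESSIONIDSSO")


def parse_set_cookie(value):
    """Return (cookie name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit(header_lines, watched=WATCHED):
    """Map each watched cookie found in the headers to True if HttpOnly is set."""
    result = {}
    for line in header_lines:
        field, _, value = line.partition(":")
        if field.strip().lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if name in watched:
            # A cookie can be set more than once in a response;
            # every occurrence must carry the flag.
            result[name] = result.get(name, True) and "httponly" in attrs
    return result


def missing_httponly(header_lines, watched=WATCHED):
    """Sorted names of watched cookies that were set without HttpOnly."""
    return sorted(n for n, ok in audit(header_lines, watched).items() if not ok)


if __name__ == "__main__":
    for name, ok in audit(SAMPLE_HEADERS).items():
        print(f"{name}: HttpOnly {'present' if ok else 'MISSING'}")
```

Feed it the header lines of a login response from the application to see whether a configuration change has taken effect for each cookie.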