0 Replies Latest reply on Feb 26, 2013 2:33 AM by nimo stephan

    Richfaces, servlet 3 HttpSession and http-only-cookie

    nimo stephan Master

      I want to use httpOnly SessionCookie in JSF 2, Servlet 3.0 environment:










      My question is:


      Does Richfaces (or in general, any jsf-library) makes use of httpsession via Javascript (for example, Richfaces makes use of Athmosphere lib in a4j:push) ?


      If so, I cannot use <http-only>true</http-only>, because this would prevent the access from the session cookie by any javascript (library).