I want to use httpOnly SessionCookie in JSF 2, Servlet 3.0 environment:
{code}
<session-config>
<cookie-config>
<http-only>true</http-only>
</cookie-config>
</session-config>
{code}
My question is:
Does Richfaces (or in general, any jsf-library) makes use of httpsession via Javascript (for example, Richfaces makes use of Athmosphere lib in a4j:push) ?
If so, I cannot use <http-only>true</http-only>, because this would prevent the access from the session cookie by any javascript (library).