0 Replies Latest reply on Apr 2, 2013 8:55 AM by Cory Dahlstrom

    JBoss 7.1.1 Final + JSESSIONIDSSO and HttpOnly...

    Cory Dahlstrom Novice

      We are upgrading to 7.1.1 Final and use the SSO functionality between our web applications.  I can set the JSESSIONID cookie to HttpOnly in the web.xml file, but I'm looking for a way to configure the SSO cookie with HttpOnly.  I have attempted to do it through the jboss-web.xml file (below), but it doesn't work:

       

      <valve>

              <class-name>org.apache.catalina.authenticator.SingleSignOn</class-name>

              <param>

                  <param-name>cookieHttpOnly</param-name>

                  <param-value>true</param-value>

              </param>

          </valve>

       

      Any help would be appreciated.

       

      Thanks!

       

      Cory.