A cookie is composed of many parts such as:
name, value, path, expiration, secure
Cookie.setValue is only meant to set the value of the cookie. Your code
had the lucky side effect of setting the path and the HttpOnly flag.
If you wish to set a cookie with the HttpOnly flasg set - you need to
ie cookie = new Cookie("sessionId", cookieValue);
>> cookie.setVersion(1);
>> response.addCookie(cookie);
>>
>>
>
> -
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EM
With 6.0.18 : "; Path=/; HttpOnly" [literally] becomes part of the
cookie value. [That it worked before was sheer luck.]
-Tim
KalChitown wrote:
We recently upgraded from 6.0.14 to 6.0.18 due to an XSS security alert we
received.
The following code was working in 6.0.14 version but not in 6.0
pOnly ";
Cookie cookie = new Cookie("sessionId", cookieValue);
cookie.setVersion(1);
response.addCookie(cookie);
Thanks,
Kal
--
View this message in context:
http://www.nabble.com/Tomcat-Experts---Need-help-with-Cookie-support-in-6.0.18-tp18980912p1898
