Re: with useHttpOnly="true" my browser could access cookies through javascript.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Sush, On 11/24/13, 5:05 AM, sush3152 . wrote: > Thanks Chris.This is really useful. As you suggested,this time i > let tomcat to manage the sessionID by removing > response.setHeader("SET-COOKIE", "JSESSIONID=" + sessionid. > from the code.I co

Re: with useHttpOnly="true" my browser could access cookies through javascript.

Thanks Chris.This is really useful. As you suggested,this time i let tomcat to manage the sessionID by removing response.setHeader("SET-COOKIE", "JSESSIONID=" + sessionid. from the code.I could see the below result Set-Cookie: JSESSIONID=01D4A20F51FCE8F8401B47999524D8AB; Path=/UserHttpOnlyTest/

Re: with useHttpOnly="true" my browser could access cookies through javascript.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Sush, On 11/21/13, 1:54 PM, sush3152 . wrote: > Hi,i have the below details about the problem. Please go though it > and let me know if i am making any mistakes. > > Environmnent Tomcat7 Exactly which version of Tomcat 7? > Windows7/Centos6.3 64b

with useHttpOnly="true" my browser could access cookies through javascript.

Hi,i have the below details about the problem.Please go though it and let me know if i am making any mistakes. Environmnent Tomcat7 Windows7/Centos6.3 64bit jdk 7 Mozilla firefox 25.0.1 CATALINA_HOME/conf/context.xml WEB-INF/web.xml Since i am using tomcat7 i dont think i need to configure