Hi,
Is it possible to alter a response header in a filter?
I already add some response headers with Response.setHeader(...), but I
want to add "HttpOnly" to every Set-Cookie header. Or is there an
alternative way to achieve this?
The JSESSIONID is apparently always set with HttpOnly, but not the
cookies I add via the Cookies service.
I have tried the following configuration with no results:
1) added in web.xml:
<session-config>
<cookie-config>
<http-only>true</http-only>
</cookie-config>
...
</session-config>
2) added in context.xml (Tomcat7)
<Context useHttpOnly="true">
I'm using Tapestry 5.3.7.
Nathan
