Hi Zhi, You can set following parameters in web.xml of application.
<session-config> <cookie-config> <http-only>true</http-only> <secure>true</secure> </cookie-config> </session-config> Regards, Vidyadhar ------Original Message------ From: Zhi Xie To: users@tomcat.apache.org ReplyTo: Tomcat Users List Subject: How to use the usehttponly feature in application level Sent: Dec 4, 2012 10:43 Sorry, I don't find any doc to introduce this. There are a lot of docs to show how to implement the feature in conf/context.xml. <Context useHttpOnly="true"> ... </Context> Who can tell me how to implement the feature in application level? For example, I have 2 applications in the Tomcat server. One is named HelloWorld, the other is named HiWorld. I hope the HelloWorld should use the usehttponly feature, the other is not. Any advice is appreciated. -- Best Regards Gary Sent on my BlackBerry® from Vodafone --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
