Hi, 2016-03-09 17:48 GMT+02:00 Rajesh Cherukuri <rajec...@gmail.com>: > > Hi > I was trying to disable httponly in the setcookie header from tomcat > reponse , can some one let me know how to disable it > > > > i have tried these 2 but didn't help me > > > > > > 1.) web.xml > > > <session-config> > <cookie-config> > <http-only>false</http-only> > </cookie-config> > </session-config> > > > > > > 2.) context.xml > > > useHttpOnly="false" > </Context>
Did you specify this as an attribute? <Context useHttpOnly="false"> ... </Context> Regards, Violeta > curl -I http://localhost:8801 > HTTP/1.1 200 OK > Server: Apache-Coyote/1.1 > Set-Cookie: JSESSIONID=7A54CAEC2733B3AB015ED09F9A68C72A; Path=/; *HttpOnly* > Content-Type: text/html;charset=ISO-8859-1 > Content-Length: 305 > Date: Wed, 09 Mar 2016 15:41:48 GMT > > > > *Server version: Apache Tomcat/8.0.30Server built: Dec 1 2015 22:30:46 > UTC* > Server number: 8.0.30.0 > OS Name: Linux > OS Version: 3.10.0-229.el7.x86_64 > Architecture: amd64 > JVM Version: 1.8.0_73-b02 > JVM Vendor: Oracle Corporation
