On 15/01/2011 16:55, spr...@gmx.eu wrote: > >> You will also need to set useHttpOnly=false on the Context. For >> security, Tomcat sets the httpOnly flag on the cookie if >> either of these >> are true. > > Uh... Where is this documented? I was already looking for it...
the useHttpOnly flag is documented here: http://tomcat.apache.org/tomcat-7.0-doc/config/context.html The interaction between the settings isn't documented as far as I recall. (Patches welcome) Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
