2012/6/12 N.s.Karthik <nskarthi...@gmail.com>:
> Hi
>
> Spec
> JDK1.6
> Tomcat 6.0.10
> O/s Win / Linux(r-Hat)
> Browser : Chrome 19.0.x / IE8
>
> For some specific Reason We use Tomcat 6.0.10 for Dev/Deploy in INTRANET.
>
> I have Googled / Yahooed for the same..... "HttpOnly"
>
> 1 forum suggested to use Filters and set Cookie Headers as alternative for
> Handling "HttpOnly"
>
> However with this setting we are able to see multiple Cookies being set
>

I am sure that you cannot do it with a Filter, just because of that
double Set-Cookie header issue. It might be possible with a Valve
though, but YMMV.

Anyway, if you are seriously worrying about security, you should not
use such an outdated version of Tomcat.
http://tomcat.apache.org/security-6.html

Built-in support for HttpOnly is available since Tomcat 6.0.20 (issue
44382), which was released 3 years ago.

Best regards,
Konstantin Kolinko
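
An added example, not part of the original thread or of Tomcat: a small audit of a captured HTTP response that reports the two symptoms discussed above, a cookie set by more than one Set-Cookie header and a cookie sent without HttpOnly. The sample response and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: the session cookie appears in two Set-Cookie headers,
# only one of which carries HttpOnly (the duplicate-header symptom).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: JSESSIONID=0123456789ABCDEF; Path=/app\r\n"
    "Set-Cookie: JSESSIONID=0123456789ABCDEF; Path=/app; HttpOnly\r\n"
    "Set-Cookie: theme=dark; Path=/app\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html></html>"
)

def parse_set_cookies(raw_response):
    """Return a list of (name, attribute-set) for every Set-Cookie header."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    cookies = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        field, _, value = line.partition(":")
        if field.strip().lower() != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        name = parts[0].partition("=")[0].strip()
        # Attribute names are case-insensitive, so compare in lower case.
        attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
        cookies.append((name, attrs))
    return cookies

def audit(raw_response):
    """Flag cookies set more than once and cookies sent without HttpOnly."""
    by_name = defaultdict(list)
    for name, attrs in parse_set_cookies(raw_response):
        by_name[name].append(attrs)
    findings = {}
    for name, attr_sets in by_name.items():
        issues = []
        if len(attr_sets) > 1:
            issues.append("duplicate Set-Cookie (%d headers)" % len(attr_sets))
        if any("httponly" not in a for a in attr_sets):
            issues.append("at least one header lacks HttpOnly")
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    for name, issues in audit(SAMPLE_RESPONSE).items():
        print(name, "->", "; ".join(issues))
```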
