JavaScript access to Tomcat's cookies (eg. JSESSIONID) via useHttpOnly
Tue, 2012.10.30 - 14:09 — müzso
In Tomcat 5.* and 6.* this was not an issue, because by default Tomcat configuration did not add the HttpOnly flag to the session cookie, thus JavaScript in webapp generated pages could access it.
Reference on this:
However the default value of the
Reference on this:
However the default value of the
useHttpOnly context parameter was changed from false to true in Tomcat 7.0.
All of my own contents here (if not noted otherwise) are licensed under the
Creative Commons Attribution-NonCommercial-ShareAlike 4.0 License. My posts reflect my personal opinion and shall not be associated with any of my employers.
Creative Commons Attribution-NonCommercial-ShareAlike 4.0 License. My posts reflect my personal opinion and shall not be associated with any of my employers.
Recent comments
1 year 42 weeks ago
3 years 11 weeks ago
3 years 11 weeks ago
3 years 13 weeks ago
3 years 14 weeks ago
3 years 21 weeks ago
3 years 21 weeks ago
3 years 21 weeks ago
3 years 21 weeks ago
3 years 21 weeks ago