In Tomcat 5.* and 6.* this was not an issue, because by default the Tomcat configuration did not add the
HttpOnly flag to the session cookie, so JavaScript in webapp-generated pages could access it.
Reference on this:
However the default value of the useHttpOnly context parameter was changed from false to true in Tomcat 7.0.
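An added example (not from the original page or from the Tomcat project) that works out which contexts still issue a script-readable session cookie, given the version-dependent default described above. The function names and the sample context descriptors are constructed for illustration, and only the useHttpOnly attribute on the Context element is considered.

```python
import xml.etree.ElementTree as ET


def default_use_http_only(tomcat_major):
    # Default stated on this page: false in Tomcat 5.x/6.x, true from 7.0.
    return tomcat_major >= 7


def effective_use_http_only(context_xml, tomcat_major):
    """Return (value, source) for one context descriptor.

    source is "explicit" when the attribute is present, else "default".
    """
    root = ET.fromstring(context_xml)
    if root.tag != "Context":
        raise ValueError("root element is not <Context>")
    raw = root.get("useHttpOnly")
    if raw is None:
        return default_use_http_only(tomcat_major), "default"
    # Assumption: any value other than "true" (case-insensitive) means false.
    return raw.strip().lower() == "true", "explicit"


def audit(contexts, tomcat_major):
    """Names of contexts whose session cookie page JavaScript can read."""
    exposed = []
    for name, xml_text in contexts.items():
        value, _source = effective_use_http_only(xml_text, tomcat_major)
        if not value:
            exposed.append(name)
    return sorted(exposed)


# Constructed sample descriptors: one relying on the default, one explicitly
# disabling the flag, one explicitly enabling it.
SAMPLES = {
    "shop": '<Context path="/shop"/>',
    "legacy": '<Context path="/legacy" useHttpOnly="false"/>',
    "admin": '<Context path="/admin" useHttpOnly="true"/>',
}

if __name__ == "__main__":
    for major in (6, 7):
        print("Tomcat", major, "exposed:", audit(SAMPLES, major))
```

The same descriptor that relies on the default is exposed on Tomcat 6 and protected on Tomcat 7, while an explicit useHttpOnly="false" keeps the cookie script-readable after an upgrade.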