Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] Jetty 9.4.5 HttpOnly.

Have you tried specifying <name>JSESSIONID</name> or whatever the name of the cookie is that you want to use inside the <cookie-config>? Let me know if that works, I'll see if we're not defaulting it to JSESSIONID if not supplied.


On 18 May 2017 at 01:07, Lord Buddha <lord.buddha@xxxxxxxxx> wrote:
Is it/should it possible to use jetty.base/etc/webdefault.xml to default the setting of HttpOnly to true for the session cookie.

Have tried




or is there some other alternate besides doing in the apps web.xml ?


jetty-users mailing list
To change your delivery options, retrieve your password, or unsubscribe from this list, visit

Jan Bartel <janb@xxxxxxxxxxx>
Expert assistance from the creators of Jetty and CometD

Back to the top