Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] (no subject)
Use the Servlet spec javax.servlet.SessionCookieConfig.setHttpOnly(boolean)

http://docs.oracle.com/javaee/7/api/javax/servlet/SessionCookieConfig.html

ServletContext.getSessionCookieConfig() is the mechanism to access it.

If you are using a WebAppContext use webappcontext.getServletContext().getSessionCookieConfig()
If you are using a ServletContextHandler user servletcontexthandler.getServletContext().getSessionCookieConfig()
You can also use a ServletContextListener.contextInitialized() event to access the ServletContext.getSessionCookieConfig()

If you are manually setting up the Session handling, then you can use the SessionHandler.getSessionCookieConfig()


Joakim Erdfelt / joakim@xxxxxxxxxxx

On Mon, Oct 9, 2017 at 6:45 AM, Olaf van der Meer <o.vandermeer@xxxxxx> wrote:

Hi,

 

I recently updated from Jetty 8.1.x to 9.4.7.

 

I am looking for the replacement how to set the server to accept httponly cookies.

This is what I did before: sessionHandler.getSessionManager().getSessionCookieConfig().setHttpOnly( true );

 

In the version 9.4.7 the SessionHandler has no getSessionManager().

 

 

How can I set httponly in jetty 9.4.x?

 

Thanks,

Olaf.

 


_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users

Back to the top