I need to set the httpOnly and secure flags on the session cookie in Google App Engine.
I tried the following in web.xml:

    <session-config>
        <cookie-config>
            <http-only>true</http-only>
        </cookie-config>
    </session-config>

However, this didn't work.
I also tried this at the top of every JSP:

    String sessionid = request.getSession().getId();
    response.setHeader("SET-COOKIE", "JSESSIONID=" + sessionid + "; HttpOnly");

How can I achieve this?
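
Added example (not part of the original post): a small Python check that reads Set-Cookie header values and reports which of the HttpOnly and Secure flags the JSESSIONID cookie is missing, so the result of either attempt above can be verified from the response. The function names and the sample header values are constructed for illustration.

```python
# Added example: audit Set-Cookie header values for the session cookie's flags.

def parse_set_cookie(value):
    """Split one Set-Cookie header value into (name, cookie_value, attrs)."""
    parts = [p.strip() for p in value.split(";")]
    name, _, cookie_value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive; cookie names are not.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), cookie_value.strip(), attrs


def missing_flags(set_cookie_values, cookie_name="JSESSIONID",
                  required=("httponly", "secure")):
    """Return {header index: [missing flags]} for headers that set cookie_name.

    An empty dict means every header setting the cookie carries all flags.
    None means no header in the response sets the cookie at all.
    """
    findings, seen = {}, False
    for i, value in enumerate(set_cookie_values):
        name, _, attrs = parse_set_cookie(value)
        if name != cookie_name:
            continue
        seen = True
        missing = [flag for flag in required if flag not in attrs]
        if missing:
            findings[i] = missing
    return findings if seen else None


# Constructed sample header values (not captured from a real application).
SAMPLES = {
    "no flags": ["JSESSIONID=abc123; Path=/"],
    "HttpOnly only": ["JSESSIONID=abc123; HttpOnly"],
    "both flags": ["JSESSIONID=abc123; Path=/; Secure; HttpOnly"],
    "duplicate headers": ["JSESSIONID=abc123; Path=/",
                          "JSESSIONID=abc123; httponly; SECURE"],
}

if __name__ == "__main__":
    for label, headers in SAMPLES.items():
        print(label, "->", missing_flags(headers))
```

Every Set-Cookie header for the cookie is checked separately, because a response that sets the same cookie twice is only safe if each copy carries both flags.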