Win a copy of Java Mock Exams (software) this week in the Programmer Certification (OCPJP) forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

HttpOnly, setSecure Cookie not coming from Browser to Servlet.

Anirudh Gupta
Ranch Hand
Posts: 49
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,

The 1st request is handled by a servlet where 4 cookies are set and then request is forwarded to a JSP.

The JSP's response header when studied using Development tool's Network tab can be seen to have all the cookies in the response header.
However in Resources tab only the simple and HTTPOnly cookies can be observed and the Javascript code can access only simple cookies.

The JSP form's action is a servlet. This is where my question is.

The request received in the 2nd servlet when queried appears to NOT contain any Secure Cookies and the HTTPOnly cookies also do not
show up as HTTPOnly(ck.isHttpOnly()). WHY is this so?

Happiness is not a goal ... it's a by-product of a life well lived - Eleanor Roosevelt. Tiny ad:
the new thread boost feature: great for the advertiser and smooth for the coderanch user
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!