can we set cookies “secure” and “httpOnly” at JVM level
posted 2 years ago
I know that for servlet 3.0 complaint apps we can set these properties at web.xml level.
For servlet 2.5 or less, we can make these changes at server level(I am using IBM websphere 6.1).
I heard somewhere that we can also make these settings at JVM level.
I have following questions :
1) Is it possible to set these cookie attributes at JVM level.
2) Even if we set it, can there be any impacts on application.
3) Lets say that my application is completely using HTTPS, then it might be safe when we use JVM level settings. But suppose I have few other application running on same JVM then in that case will this create any problem for them?
4) Is there any way to do these settings at JVM level for specific applications.