We have a web application running on a JBoss EAP 6.1 server. A recent web scanner reported that there is a potential security issue with the application: the cookies do not have "Httponly" in the response. I tried to set it using web.xml as follows...
I could see this attribute the first time I hit the URL. But after login, I do NOT see the attribute. Basically, I want this attribute set on all the cookies. Can you please help me understand the issue and how I can set this attribute on all cookies?