We have a web application running on a JBoss EAP 6.1 server. A recent web scanner reported that there is a potential security issue with the application. The cookies do not have "HttpOnly" in the response. I tried to set it using web.xml as follows..
I could see this attribute the first time, when I hit the URL. But after login, I do NOT see the attribute. Basically, I want this attribute set on all the cookies. Can you please help me understand the issue and how I can set this attribute on all cookies?