Setting the HttpOnly Flag – Java
For older versions of servlet Add the following on cookie creation For servlet version 3.0 or later Add the following lines into web.xml file Reference https://www.owasp.org/index.php/HttpOnly#Using_Java_to_Set_HttpOnly