Setting the HttpOnly Flag – Java

For older versions of servlet

Add the following on cookie creation

String sessionid = request.getSession().getId();
response.setHeader("SET-COOKIE", "JSESSIONID=" + sessionid + "; HttpOnly");

For servlet version 3.0 or later

Add the following lines into web.xml file



0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *