[Esapi-user] httpOnly flag and WebSphere

Ed Schaller schallee at darkmist.net
Wed Dec 16 23:01:14 EST 2009


> >  Has anyone actually tried adding the HttpOnly flag to JSESSION cookie
> in a filter or such?
> 
> Yes, in Tomcat 5x, using the ESAPI filter, no problem.

Oops. Sorry. I meant in WAS.

>>>------>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
Url : https://lists.owasp.org/pipermail/esapi-user/attachments/20091216/38cade03/attachment.bin 


More information about the Esapi-user mailing list