|
Mantis - Resin
|
|||||
| Viewing Issue Advanced Details | |||||
|
|
|||||
| ID: | Category: | Severity: | Reproducibility: | Date Submitted: | Last Update: |
| 5781 | minor | always | 07-24-14 09:56 | 09-12-14 11:22 | |
|
|
|||||
| Reporter: | nam | Platform: | |||
| Assigned To: | ferg | OS: | |||
| Priority: | normal | OS Version: | |||
| Status: | closed | Product Version: | |||
| Product Build: | Resolution: | no change required | |||
| Projection: | none | ||||
| ETA: | none | Fixed in Version: | 4.0.41 | ||
|
|
|||||
| Summary: | 0005781: need fine-grained control of http-only cookies | ||||
| Description: |
(rep by dsryan) Is there a way to make the session cookie http-only and not any app created cookies...I have set the cookie in the application to Cookie.setHttpOnly(false) but the resin app server setting <cookie-http-only> sets ALL cookies to http-only. Is there a way to only have the session cookie JSESSIONID be http-only where others are not? |
||||
| Steps To Reproduce: | |||||
| Additional Information: | |||||
| Relationships | |||||
| Attached Files: | |||||
| Notes | |||||
|
|
|||||
|
|
||||