Mantis - Resin
|
|||||
Viewing Issue Advanced Details | |||||
|
|||||
ID: | Category: | Severity: | Reproducibility: | Date Submitted: | Last Update: |
5781 | minor | always | 07-24-14 09:56 | 09-12-14 11:22 | |
|
|||||
Reporter: | nam | Platform: | |||
Assigned To: | ferg | OS: | |||
Priority: | normal | OS Version: | |||
Status: | closed | Product Version: | |||
Product Build: | Resolution: | no change required | |||
Projection: | none | ||||
ETA: | none | Fixed in Version: | 4.0.41 | ||
|
|||||
Summary: | 0005781: need fine-grained control of http-only cookies | ||||
Description: |
(rep by dsryan) Is there a way to make the session cookie http-only and not any app created cookies...I have set the cookie in the application to Cookie.setHttpOnly(false) but the resin app server setting <cookie-http-only> sets ALL cookies to http-only. Is there a way to only have the session cookie JSESSIONID be http-only where others are not? |
||||
Steps To Reproduce: | |||||
Additional Information: | |||||
Relationships | |||||
Attached Files: |
Notes | |||||
|
|||||
|
|