How to enable HttpOnly and Secure flags for Cookies in JBoss EAP, Tomcat, and Apache httpd?

Solution Verified - Updated -

Issue

  • Cookies generated by JBoss are not setting the HttpOnly flag. Does JBoss intend to adopt this standard?
  • How can I enable the HttpOnly and/or Secure flags on my session cookies with EAP?
  • How can I enable the HttpOnly and/or Secure flags on my session cookies with Tomcat?
  • Can we set HttpOnly and/or Secure flags in HTTPD?

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 4.2
    • 4.3
    • 5.0
    • 6.x
    • 7.x
  • Red Hat JBoss Core Services
  • Red Hat Enterprise Linux
    • 6.x
    • 7.x
  • Red Hat Software Collections
    • 2.x
    • 3.x
  • Red Hat JBoss Web Server (JWS)
    • 2.x
    • 3.x
    • 5.x
  • Apache HTTPD
    • 2.2.x
    • 2.4.x
  • Apache Tomcat
    • 7
    • 8
    • 9
  • F5 BigIP Hardware Load Balancer
