How to enable HttpOnly and Secure flags for Cookies in JBoss EAP, Tomcat, and Apache httpd?
Issue
- Cookies generated by JBoss do not set the HttpOnly flag. Does JBoss intend to adopt this standard?
- How can I enable the HttpOnly and/or Secure flags on my session cookies with EAP?
- How can I enable the HttpOnly and/or Secure flags on my session cookies with Tomcat?
- Can we set HttpOnly and/or Secure flags in HTTPD?
Environment
- Red Hat JBoss Enterprise Application Platform (EAP)
  - 4.2
  - 4.3
  - 5.0
  - 6.x
  - 7.x
- Red Hat JBoss Core Services
- Red Hat Enterprise Linux
  - 6.x
  - 7.x
- Red Hat Software Collections
  - 2.x
  - 3.x
- Red Hat JBoss Web Server (JWS)
  - 2.x
  - 3.x
  - 5.x
- Apache HTTPD
  - 2.2.x
  - 2.4.x
- Apache Tomcat
  - 7
  - 8
  - 9
- F5 BigIP Hardware Load Balancer