Hi,
Try the solution found here:
https://www.owasp.org/index.php/HttpOnly
String sessionid = request.getSession().getId();
response.setHeader("SET-COOKIE", "JSESSIONID=" + sessionid + "; HttpOnly");
I've not tried this myself. Perhaps you could wrap the response
somehow, and have it handle multiple cookies.
Good luck! :)
Regards,
Vetle
On Mon, May 16, 2011 at 07:13, <forums_at_java.net> wrote:
> To enable an applet to read the JSESSIONID from the Page DOM, I need to be
> able to set the HTTPOnly flag to false for (ideally all) cookies. Now, I
> know
> I can set this in the web.xml, but I would like to be able to set this in
> Glassfish 3.1 somewhere, as this attribute is not supported in Glassfish
> 2.1.1 (to the best of my knowledge), and we would like to be able to keep
> the
> application compatible with both, at least until we have completed the move
> to Glassfish 3.1.
>
> Is this possible? Alternatively, is there a better way for the Applet to
> send
> the cookies across? As the operations it is performing require the user to
> be
> logged in, it's pretty much essential that it include the JSESSIONID when it
> makes request back to the server.
>
>
> --
>
> [Message sent by forum member 'ipsi']
>
> View Post: http://forums.java.net/node/802609
>
>
>
--
Vetle Roeim