WebApp Sec mailing list archives
HttpOnly and J2EE containers
From: Pilon Mntry <pilonmntry () yahoo com>
Date: Tue, 14 Feb 2006 00:27:46 -0800 (PST)
Lately, I needed to add the HttpOnly cookie parameter to Java System Application Server PE and had to use the ... <property name="cookiePath" value="/mypath; HttpOnly;"> ... hack in the sun-web.xml file. Well, actually this didn't work (obviously in IE, which uses a v0 cookie parser and is the only one supporting HttpOnly) and I had to tweak the above "a little bit".

Anyways, I searched about this on the net, but couldn't find anything solid except that Resin and some other AS have made this operation easy...

Now, my question is: do you guys know an easy way to incorporate this cookie parameter in other J2EE containers, such as OracleiAS or Websphere, WebLogic, etc.? Maybe more a standard way than an easy way...

-pilon
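One way to check what a cookiePath edit like the one in the message above actually sends, as an added example that is not part of the original post: the Python below splits a Set-Cookie value on every ';' as RFC 6265 section 5.2 describes and reports whether HttpOnly arrives as its own attribute and whether Path is still usable. The function names and all three header values are constructed; the quoted-Path sample is an assumed container output, not something the post shows.

```python
# Attributes a cookie parser may legitimately meet (RFC 6265 plus the
# older RFC 2109 Version/Comment); anything else is reported.
KNOWN = {"expires", "max-age", "domain", "path", "secure",
         "httponly", "version", "comment"}

# Constructed sample headers (not taken from the post).
SAMPLE_CLEAN = "JSESSIONID=0000constructed; Path=/mypath; HttpOnly;"
# Assumption: a container that emits a v1 cookie and quotes the whole
# configured path value, so the injected text sits inside the quotes.
SAMPLE_QUOTED = 'JSESSIONID=0000constructed; Version=1; Path="/mypath; HttpOnly;"'
SAMPLE_PLAIN = "JSESSIONID=0000constructed; Path=/mypath"


def parse_set_cookie(value):
    """Split on every ';' (quotes are not special, per RFC 6265 5.2)."""
    pieces = [p.strip() for p in value.split(";")]
    name = pieces[0].partition("=")[0].strip()
    attrs = []
    for piece in pieces[1:]:
        if not piece:
            continue  # trailing ';' leaves an empty piece
        key, _, val = piece.partition("=")
        attrs.append((key.strip().lower(), val.strip()))
    return name, attrs


def audit(value):
    """Return (cookie name, list of findings) for one Set-Cookie value."""
    name, attrs = parse_set_cookie(value)
    seen = dict(attrs)
    findings = []
    if "httponly" not in seen:
        findings.append("missing-httponly")
    path = seen.get("path")
    if path is not None and not path.startswith("/"):
        # RFC 6265 5.2.4: such a Path is dropped and the default path used.
        findings.append("path-ignored")
    if any(key not in KNOWN for key, _ in attrs):
        findings.append("unrecognized-attribute")
    return name, findings


if __name__ == "__main__":
    for sample in (SAMPLE_CLEAN, SAMPLE_QUOTED, SAMPLE_PLAIN):
        print(audit(sample), "<-", sample)
```

Run it against the Set-Cookie values captured from the deployed application rather than against the configuration file, since the container decides how the configured path is serialized.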
Current thread:
- HttpOnly and J2EE containers Pilon Mntry (Feb 15)
- <Possible follow-ups>
- RE: HttpOnly and J2EE containers Jeff Williams (Feb 17)
- RE: HttpOnly and J2EE containers Pilon Mntry (Feb 20)