HttpOnly and J2EE containers

[Pilon Mntry <pilonmntry () yahoo com>]

Lately, I needed to add HttpOnly cookie parameter to
Java System Application Server PE and had to use 

...
<property name="cookiePath" value="/mypath;
HttpOnly;">
...

hack in sun-web.xml file. Well, Actually this didn't
work (obviously in IE, which uses v0 cookie parser and
only one supporting HttpOnly) and I had to tweak the
above "a little bit".

Anyways, I searched about this on the net, but
couldn't find anything solid except that Resin and
some other AS has made this operation easy...

Now, my question is do you guys know an easy way to
incorporate this cookie parameter in other J2EE
containers, such as OracleiAS or Websphere, WebLogic,
etc. Maybe more a standard way than an easy way...

-pilon



__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

-------------------------------------------------------------------------
This List Sponsored by: SpiDynamics

ALERT: "How A Hacker Launches A Web Application Attack!" 
Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world 
examples of recent hacking methods such as: SQL Injection, Cross Site 
Scripting and Parameter Manipulation

https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
--------------------------------------------------------------------------