
  • httpOnly on Context

    Hello,

    I am running a compliance check on my web application and there was a vulnerability saying the cookie doesn't contain httpOnly. I am using Tomcat 7.0.27. I assume from the posts that Tomcat 7+ has this flag set to true by default.

    I have also explicitly set it on my context as true. I have also set the session-config / cookie-config as secure.

    But still I get the same vulnerability. I am confused.

    Can someone help me out please?

    Thanks & Regards
    Surya