====== Cookie ======
* [[http://en.wikipedia.org/wiki/HTTP_cookie|HTTP Cookie]]
* [[https://www.owasp.org/index.php/HttpOnly|HTTPOnly]]
===== Servlet and HTTPOnly =====
==== Servlet 3.0 ====
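* Set the session cookie to HttpOnly through ''web.xml''
<code xml>
<session-config>
  <cookie-config>
    <http-only>true</http-only>
  </cookie-config>
</session-config>
</code>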
* [[http://docs.oracle.com/javaee/6/api/javax/servlet/http/Cookie.html#setHttpOnly(boolean)|Cookie#setHttpOnly]]
==== Servlet 2.x ====
<code java>
response.setHeader("Set-Cookie", "name=value; HttpOnly");
</code>
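An added example (not from the original page or the Servlet API) of the Servlet 2.x workaround written as a reusable helper. The class name ''HttpOnlyCookies'' and its methods are hypothetical. It uses ''addHeader'' because ''setHeader'' overwrites any ''Set-Cookie'' header already on the response, and it rejects characters that would let a caller-supplied value append attributes or split the header.

```java
import javax.servlet.http.HttpServletResponse;

/** Hypothetical helper for containers without Cookie#setHttpOnly (Servlet 2.x). */
public final class HttpOnlyCookies {
    private HttpOnlyCookies() {}

    /** Builds a Set-Cookie header value that always ends with the HttpOnly attribute. */
    static String headerValue(String name, String value, String path, boolean secure) {
        requireSafe(name, "name");
        if (name.indexOf('=') >= 0) {
            throw new IllegalArgumentException("'=' is not allowed in a cookie name");
        }
        requireSafe(value, "value");
        StringBuilder sb = new StringBuilder(name).append('=').append(value);
        if (path != null) {
            requireSafe(path, "path");
            sb.append("; Path=").append(path);
        }
        if (secure) {
            sb.append("; Secure");
        }
        return sb.append("; HttpOnly").toString();
    }

    /** Adds the cookie without replacing Set-Cookie headers set earlier on the response. */
    public static void add(HttpServletResponse response, String name, String value,
                           String path, boolean secure) {
        response.addHeader("Set-Cookie", headerValue(name, value, path, secure));
    }

    // Rejects CR/LF and other control characters, whitespace, non-ASCII, and the
    // separators (; , " \) that would end the value or start another attribute.
    private static void requireSafe(String s, String what) {
        if (s == null || s.length() == 0) {
            throw new IllegalArgumentException("cookie " + what + " is empty");
        }
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (c <= 0x20 || c >= 0x7f || c == ';' || c == ',' || c == '"' || c == '\\') {
                throw new IllegalArgumentException("illegal character in cookie " + what);
            }
        }
    }
}
```

With constructed sample values, ''HttpOnlyCookies.add(response, "pref", "dark", "/", true)'' emits ''Set-Cookie: pref=dark; Path=/; Secure; HttpOnly''.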
==== Older Tomcat versions ====
* [[http://stackoverflow.com/questions/33412/how-do-you-configure-httponly-cookies-in-tomcat-java-webapps|security - How do you configure HttpOnly cookies in tomcat / java webapps?]]
* httpOnly is supported as of Tomcat 6.0.19 and Tomcat 5.5.28.
...