====== Cookie ======
  * [[http://en.wikipedia.org/wiki/HTTP_cookie|HTTP Cookie]]
  * [[https://www.owasp.org/index.php/HttpOnly|HTTPOnly]]

===== Servlet and HTTPOnly =====
==== Servlet 3.0 ====
  * ''web.xml'' 설정으로 세션 쿠키를 HTTPOnly로 설정 <code xml>
<session-config>
 <cookie-config>
  <http-only>true</http-only>
 </cookie-config>
<session-config>
</code>
  * [[http://docs.oracle.com/javaee/6/api/javax/servlet/http/Cookie.html#setHttpOnly(boolean)|Cookie#setHttpOnly]] 
==== Servlet 2.x ====
<code java>
response.setHeader( "Set-Cookie", "name=value; HttpOnly");
</code>

==== Tomcat 구버전 ====
  * [[http://stackoverflow.com/questions/33412/how-do-you-configure-httponly-cookies-in-tomcat-java-webapps|security - How do you configure HttpOnly cookies in tomcat / java webapps?]]
  * httpOnly is supported as of Tomcat 6.0.19 and Tomcat 5.5.28.<code xml>
<Context useHttpOnly="true">
...
</Context>
</code>