====== Cookie ======

  * [[http://en.wikipedia.org/wiki/HTTP_cookie|HTTP Cookie]]
  * [[https://www.owasp.org/index.php/HttpOnly|HTTPOnly]]

===== Servlet and HTTPOnly =====

==== Servlet 3.0 ====

  * Set the session cookie to HttpOnly through ''web.xml'' configuration:

<code xml>
<session-config>
    <cookie-config>
        <http-only>true</http-only>
    </cookie-config>
</session-config>
</code>

  * [[http://docs.oracle.com/javaee/6/api/javax/servlet/http/Cookie.html#setHttpOnly(boolean)|Cookie#setHttpOnly]]

==== Servlet 2.x ====

<code java>
// Servlet 2.x has no Cookie#setHttpOnly, so the attribute is written into the raw header.
response.setHeader("Set-Cookie", "name=value; HttpOnly");
</code>

==== Older Tomcat versions ====

  * [[http://stackoverflow.com/questions/33412/how-do-you-configure-httponly-cookies-in-tomcat-java-webapps|security - How do you configure HttpOnly cookies in tomcat / java webapps?]]
  * httpOnly is supported as of Tomcat 6.0.19 and Tomcat 5.5.28. ...
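
For the Servlet 2.x approach above, the header value is assembled by hand, so the name and value need validating before they reach the response. The following is an added example, not code from the original page: the class ''HttpOnlyCookieHeader'' and its ''build'' method are hypothetical names, and the sample values in ''main'' are constructed.

```java
import java.util.regex.Pattern;

/** Builds a Set-Cookie value with HttpOnly for containers that lack Cookie#setHttpOnly. */
public final class HttpOnlyCookieHeader {
    // RFC 6265: cookie-name is an HTTP token.
    private static final Pattern NAME = Pattern.compile("[!#$%&'*+\\-.^_`|~0-9A-Za-z]+");
    // RFC 6265 cookie-octet: no control characters, space, '"', ',', ';' or '\'.
    private static final Pattern VALUE =
            Pattern.compile("[\\x21\\x23-\\x2B\\x2D-\\x3A\\x3C-\\x5B\\x5D-\\x7E]*");
    // RFC 6265 path-value: any printable ASCII character except ';'.
    private static final Pattern PATH = Pattern.compile("[\\x20-\\x3A\\x3C-\\x7E]*");

    private HttpOnlyCookieHeader() {}

    public static String build(String name, String value, String path) {
        // Rejecting CR, LF and ';' stops a caller-supplied value from adding
        // extra attributes or a second header line to the response.
        if (!NAME.matcher(name).matches()) {
            throw new IllegalArgumentException("invalid cookie name");
        }
        if (!VALUE.matcher(value).matches()) {
            throw new IllegalArgumentException("invalid cookie value");
        }
        if (!PATH.matcher(path).matches()) {
            throw new IllegalArgumentException("invalid cookie path");
        }
        return name + "=" + value + "; Path=" + path + "; HttpOnly";
    }

    public static void main(String[] args) {
        // In a servlet, prefer addHeader over setHeader: setHeader overwrites
        // any Set-Cookie value already set on the response.
        //   response.addHeader("Set-Cookie", HttpOnlyCookieHeader.build("theme", "dark", "/"));
        System.out.println(build("theme", "dark", "/"));

        // Constructed hostile input: a value carrying a CRLF sequence.
        try {
            build("theme", "dark\r\nSet-Cookie: injected=1", "/");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```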