http:cookie

목차

Cookie
- Servlet and HTTPOnly

Servlet and HTTPOnly

Servlet 3.0

web.xml 설정으로 세션 쿠키를 HTTPOnly로 설정

<session-config>
 <cookie-config>
  <http-only>true</http-only>
 </cookie-config>
<session-config>

Cookie#setHttpOnly

Servlet 2.x

response.setHeader( "Set-Cookie", "name=value; HttpOnly");

Tomcat 구버전

security - How do you configure HttpOnly cookies in tomcat / java webapps?
httpOnly is supported as of Tomcat 6.0.19 and Tomcat 5.5.28.
```
<Context useHttpOnly="true">
...
</Context>
```