This is just a quick tip for those who are configuring HttpOnly on GlassFish. To enable it, you simply add the following to your web.xml.
The default on GlassFish is to have it enabled anyway, and you must explicitly disable it.
UPDATE:
The issue I had was testing it. When I deployed my application to localhost, I did not see any of the cookies being marked as HttpOnly. I was using Chrome and auto-deploying my application before I turned on the developer tools. The initial request contained the header marking it as HttpOnly. You can easily confirm it by using JSF and the method below. Simply invalidate the session while using the developer tools and examine the response returned.
I got a response header like the one below.
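The check described above can also be scripted. This is an added example, not code or output from the original post: it parses raw response headers and reports whether the session cookie carries HttpOnly, treating a response with no `Set-Cookie` as inconclusive, since the flag only shows up on the response that creates the session. The cookie name `JSESSIONID`, the function names and the sample responses are assumptions constructed for illustration.

```python
from typing import Dict, Optional

# Constructed sample responses (not captured from a real GlassFish server).
SESSION_CREATED = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: JSESSIONID=0123456789abcdef; Path=/app; HttpOnly\r\n"
    "Content-Type: text/html;charset=UTF-8\r\n\r\n"
)
SESSION_REUSED = (  # browser already holds the cookie, so none is sent
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html;charset=UTF-8\r\n\r\n"
)
FLAG_DISABLED = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: JSESSIONID=fedcba9876543210; Path=/app\r\n"
    "Set-Cookie: theme=dark; Path=/app; httponly\r\n\r\n"
)


def set_cookie_flags(raw_response: str) -> Dict[str, bool]:
    """Map each cookie set by the response to whether it carries HttpOnly."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    flags: Dict[str, bool] = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].partition("=")[0]
        # Attribute names are case-insensitive; HttpOnly takes no value.
        attrs = {p.partition("=")[0].strip().lower() for p in parts[1:]}
        flags[cookie_name] = "httponly" in attrs
    return flags


def check_session_cookie(raw_response: str,
                         cookie: str = "JSESSIONID") -> Optional[bool]:
    """True/False if the response sets the cookie; None if it does not."""
    return set_cookie_flags(raw_response).get(cookie)


if __name__ == "__main__":
    verdicts = {True: "HttpOnly set", False: "HttpOnly MISSING",
                None: "inconclusive: response did not set the session cookie"}
    for label, resp in [("created", SESSION_CREATED),
                        ("reused", SESSION_REUSED),
                        ("disabled", FLAG_DISABLED)]:
        print(f"{label}: {verdicts[check_session_cookie(resp)]}")
```
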
Monday, June 24, 2013