Add HTTPOnly-Header to Jsessionid

MPDL · Aug 22, 2024 · 090512a · 090512a
1 parent 82bc828
commit 090512a
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/src/main/webapp/WEB-INF/web.xml b/src/main/webapp/WEB-INF/web.xml
@@ -142,7 +142,11 @@
         <!-- in the application code, to the value that is configurable -->
         <!-- (LoginSessionTimeout in the settings table), with the -->
         <!-- default value of 8 hours. -->
-
+
+      <cookie-config>
+        <http-only>true</http-only>
+      </cookie-config>
+
         <session-timeout>
             10
         </session-timeout>