From 090512a2393b5028e2e9f1a436143e5949f84143 Mon Sep 17 00:00:00 2001
From: Benjamin Knoth <knoth@mpdl.mpg.de>
Date: Thu, 22 Aug 2024 16:29:39 +0200
Subject: [PATCH 1/2] Add HTTPOnly-Header to Jsessionid

---
 src/main/webapp/WEB-INF/web.xml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/main/webapp/WEB-INF/web.xml b/src/main/webapp/WEB-INF/web.xml
index 427615f2f0b..0bf8b26b76f 100644
--- a/src/main/webapp/WEB-INF/web.xml
+++ b/src/main/webapp/WEB-INF/web.xml
@@ -142,7 +142,11 @@
         <!-- in the application code, to the value that is configurable -->
         <!-- (LoginSessionTimeout in the settings table), with the -->
         <!-- default value of 8 hours. -->
-        
+	    
+      <cookie-config>
+        <http-only>true</http-only>
+      </cookie-config>
+	    
         <session-timeout>
             10
         </session-timeout>

From 391f7468f6d2d21f230aeb6de20cfbddc1e19ae8 Mon Sep 17 00:00:00 2001
From: haarli <haarlaender@mpdl.mpg.de>
Date: Mon, 14 Oct 2024 15:44:46 +0200
Subject: [PATCH 2/2] Update web.xml

httpOnly for cookies
---
 src/main/webapp/WEB-INF/web.xml | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/src/main/webapp/WEB-INF/web.xml b/src/main/webapp/WEB-INF/web.xml
index 0bf8b26b76f..63757e43995 100644
--- a/src/main/webapp/WEB-INF/web.xml
+++ b/src/main/webapp/WEB-INF/web.xml
@@ -142,14 +142,13 @@
         <!-- in the application code, to the value that is configurable -->
         <!-- (LoginSessionTimeout in the settings table), with the -->
         <!-- default value of 8 hours. -->
-	    
-      <cookie-config>
-        <http-only>true</http-only>
-      </cookie-config>
-	    
+	     
         <session-timeout>
             10
         </session-timeout>
+	<cookie-config>
+	        <http-only>true</http-only>
+      	</cookie-config>
         <!-- Uncomment the line below to disble `;jsessionid=` in URLs -->
 	<!-- tracking-mode>COOKIE</tracking-mode -->
     </session-config>