Update web.xml

httpOnly for cookies
MPDL · Oct 14, 2024 · 391f746 · 391f746
1 parent 090512a
commit 391f746
Showing 1 changed file with 4 additions and 5 deletions.
diff --git a/src/main/webapp/WEB-INF/web.xml b/src/main/webapp/WEB-INF/web.xml
@@ -142,14 +142,13 @@
         <!-- in the application code, to the value that is configurable -->
         <!-- (LoginSessionTimeout in the settings table), with the -->
         <!-- default value of 8 hours. -->
-
-      <cookie-config>
-        <http-only>true</http-only>
-      </cookie-config>
-
+
         <session-timeout>
             10
         </session-timeout>
+	<cookie-config>
+	        <http-only>true</http-only>
+      	</cookie-config>
         <!-- Uncomment the line below to disble `;jsessionid=` in URLs -->
 	<!-- tracking-mode>COOKIE</tracking-mode -->
     </session-config>