Servlet 2.5 api does not allow to set cookie HttpOnly, but Servlet 3.0 does.
Other option is to bypass servlet cookie api entirely and use plain Set-Cookie
response header.
Original issue reported on code.google.com by vasyal...@gmail.com on 2 May 2013 at 7:32
Original issue reported on code.google.com by
vasyal...@gmail.comon 2 May 2013 at 7:32