httponly

We're running grails 2.0 + jetty 7.6.6 and need to set JSESSIONID cookie to be httpOnly. All of the answers on stackoverflow seem to refer to either Servlet 3.0 (which requires jetty 8) or to tomcat. Can anyone provide me with a clear way of setting the JSESSIONID cookie be httpOnly for jetty 7.x? I have tried adding jetty-web.xml file with the following contents, but it still didn't work (i.e. the JSESSIONID wasn't marked as httpOnly): <?xml version="1.0" encoding="ISO-8859-1"?> <!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure.dtd"> <Configure class

Anyone know how I can use httponly cookies for sessions and cookies on the app engine? In the javadoc for the Cookie class, http://java.sun.com/javaee/6/docs/api/javax/servlet/http/Cookie.html#setHttpOnly(boolean) , there is a setHttpOnly method. I get a compiler error when trying to use it when developing for app engine though. The method was introduced in the Servlet 3.0 spec, so its pretty new. App Engine supports the Servlet API at version 2.5, so you cannot use the setHttpOnly method. You could try to output the cookie header yourself. resp.setHeader("Set-Cookie", "A=7; expires=Fri, 31

I'm trying to turn httponly off for use in phonegap. I'm useing rails 3.1 and devise, each of which have reported (but not documented) ways of doing this, none of which work: # application.rb config.session_options = { :httponly => false } # no effect config.session = { :httponly => false } # undefined method `session=' # devise.rb config.cookie_options = { :httponly => false } # also no effect to test I restarted the server, deleted the existing cookie, and reloaded the page. 'Http' column was still checked in the chrome debugger. help! This little snippet seems to work : Testapp::Application

We need to ensure that all cookies on a CF7 site are set as HttpOnly. We are using jsessionid to control our sessions, and JRun does not create this as HttpOnly. Whilst it is possible to modify an existing cookie to add this setting, we need to have it set to HttpOnly from the start. Any suggestions? Related Question: Setting Secure flag for HTTPS cookies. Salazar Mubarak From: http://www.petefreitag.com/item/764.cfm Running CF 8 or Lower and using Application.cfc <cfcomponent> <cfset this.sessionmanagement = true> <cfset this.setclientcookies = false> <cffunction name="onSessionStart">