M
Michael Jacobs
Guest
You can control the 'HttpOnly' Cookie option at either the server level (for all web applications) or at the individual web application level via the context attribute 'useHttpOnly=false'. I would not recommend this being set at the server level unless you are assured that your web application will forever be the only web application running. I'd look at implementing this in a web application specific META-INF/context.xml file. Once the 'HttpOnly' option is off in the cookie, then see if your JS client can see it.
Continue reading...
Continue reading...