We are seeing a different behavior in the cookie support between Tomcat version 6.0.14 and 6.0.18. The following code worked in 6.0.14 but not in 6.0.18. Is there an explanation or is there a work around? String sessionId = "Our Session ID"; String cookieValue = sessionId + "; Path=/; HttpOnly "; Cookie cookie = new Cookie("sessionId", cookieValue); cookie.setVersion(1); response.addCookie(cookie); Thanks, Kal
You can't do that. Tomcat will escape the ; in your cookie value. You'll need to set the whole cookie header directly. HttpOnly support is on the todo list for 6.0.x.
Did someone say session cookie server support? https://issues.apache.org/bugzilla/show_bug.cgi?id=44382 Mark, that's music to my ears! :)
I meant... Did someone say session cookie HTTPONLY support? https://issues.apache.org/bugzilla/show_bug.cgi?id=44382 Mark, that's music to my ears! :)