diff --git a/common/src/java/org/apache/hive/http/HttpServer.java b/common/src/java/org/apache/hive/http/HttpServer.java index 896852927c..35ab7f8422 100644 --- a/common/src/java/org/apache/hive/http/HttpServer.java +++ b/common/src/java/org/apache/hive/http/HttpServer.java @@ -453,6 +453,7 @@ static boolean userHasAdministratorAccess(ServletContext servletContext, WebAppContext createWebAppContext(Builder b) { WebAppContext ctx = new WebAppContext(); setContextAttributes(ctx.getServletContext(), b.contextAttrs); + ctx.getServletContext().getSessionCookieConfig().setHttpOnly(true); ctx.setDisplayName(b.name); ctx.setContextPath("/"); ctx.setWar(appDir + "/" + b.name);