How do you configure HttpOnly cookies in tomcat / java webapps?

Question

After reading Jeff\'s blog post on Protecting Your Cookies: HttpOnly. I\'d like to implement HttpOnly cookies in my web application.

How do you tell tomcat to use ht

Answer 1

I Found in OWASP

  
    true
  

this is also fix for "httponlycookies in config" security issue