httpOnly Session Cookie + Servlet 3.0 (e.g. Glassfish v3)

Question

By default, Glassfish v3 doesn\'t set the httpOnly flag on session cookies (when created as usual with request.getSession()).

I know, there is a method

Answer 1

You can also add true to boost the security.

    
        true 
        true