cookie-httponly

I try to play some mp3 files via the html5 audio-tag. For the desktop this works great (with Chrome), but when it comes to the mobile browsers (also Chrome (for Android)), there seem to be some difficulties: I protected the stream with some password an therefore the streaming server needs to find a special authentification cookie (spring security remember-me). But somehow the mobile browser doesn't send this cookie when it accesses the mp3-stream via the audio tag. When I enter the stream URL directly to the address bar everything works just fine. While I searched for the lost cookie I found

I can see that HttpOnly cookies are good for security , however they make logging out without server interaction impossible, right? 1 So when the network fails, you can't log out and leave. I can imagine a workaround, but I'd like to ask first does it make sense to handle this case are there any standard solutions for this? 1 Assuming you're actually using them. If by logging out you mean removing the session cookie, then no, you cannot remove HttpOnly cookies from Javascript. It is, however, easy to set up two cookies, one HttpOnly and one insecure, such that only a combination of the two is

here is a function that sets a cookie: public void addCookie(String cookieName, String cookieValue, Integer maxAge, HttpServletResponse response) { Cookie cookie = new Cookie(cookieName, cookieValue); cookie.setPath("/mycampaigns"); cookie.setSecure(isSecureCookie); cookie.setMaxAge(maxAge); response.addCookie(cookie); } I believe in servlet 3.0, there is a way to do this directly. Unfortunately my organization uses 2.5 and UPGRADING at this juncture IS NOT AN OPTION. is there way to use the response to set the cookie? Here's an example i found online response.setHeader("SET-COOKIE", "[SOME