Enable usehttponly feature of tomcat in WebSphere Application Server Community Edition 2.1.1.6

Technote (troubleshooting)


Problem(Abstract)

Add support for using httpOnly for session cookies. This feature is disable by default. But it is supported as of Tomcat 6.0.19.

Resolving the problem

To enable this feature, please follow the instruction below.

1. Start the server.

2. uninstall all your web applications.

3. Download the patch file.UseHttpOnlyPatch.zipUseHttpOnlyPatch.zip

4. Unzip the attached file into the WebSphere Application Server Community Edition installation directory, and ensure the files listed in the zip file to replace the ones in the server installation.

5. Start the server.

6. Reinstall all your web applications which are uninstalled before.

7. Before deploy your web application which plans to utilize usehttponly feature into the server, please confirm the useHttpOnly flag is true in your application's geronimo-web.xml. For example,

<?xml version="1.0" encoding="UTF-8" ?>
<web:web-app xmlns:web="http://geronimo.apache.org/xml/ns/j2ee/web-2.0.1" xmlns:app="http://geronimo.apache.org/xml/ns/j2ee/application-2.0" xmlns:client="http://geronimo.apache.org/xml/ns/j2ee/application-client-2.0" xmlns:conn="http://geronimo.apache.org/xml/ns/j2ee/connector-1.2" xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2" xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0" xmlns:name="http://geronimo.apache.org/xml/ns/naming-1.2" xmlns:pers="http://java.sun.com/xml/ns/persistence" xmlns:sec="http://geronimo.apache.org/xml/ns/security-2.0" xmlns:tomcat="http://geronimo.apache.org/xml/ns/j2ee/web/tomcat-2.0.1">
<dep:environment>
<dep:moduleId>
  <dep:groupId>com.ibm.wasce.samples</dep:groupId>
  <dep:artifactId>cviewer</dep:artifactId>
  <dep:version>2.1.1.6</dep:version>
  <dep:type>car</dep:type>
  </dep:moduleId>
</dep:environment>
  <web:context-root>/cviewer</web:context-root>
  <tomcat:context useHttpOnly="true" />
  </web:web-app>


Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

WebSphere Application Server Community Edition
Tomcat

Software version:

2.1.1.6

Operating system(s):

AIX, Linux, Solaris, Windows

Reference #:

1639947

Modified date:

2013-10-11

Translate my page

Machine Translation

Content navigation