Wish B4J server set jsessionid cookie HttpOnly

Erel

B4X founder
Staff member
Licensed User
Longtime User
You can set HttpOnly with this code:
B4X:
Dim jo As JavaObject = srvr
   Dim sessionmanager As JavaObject = _
     jo.GetFieldJO("context").RunMethodJO("getSessionHandler", Null).RunMethod("getSessionManager", Null)
   sessionmanager.RunMethod("setHttpOnly", Array(True))
Run it after you call Server.Start.

I tested this code with FireBug:
SS-2014-08-31_10.13.41.png
 
Top