Site icon Narayana Tutorial

Cookie Not Marked as HttpOnly

HTTPOnly cookies cannot be read by client-side scripts, therefore marking a cookie as HTTPOnly can provide an additional layer of protection against cross-site scripting attacks.

Solution

 
<session-config>
<cookie-config>
<http-only>true</http-only>
</cookie-config>
</session-config>