Session Cookie HttpOnly and Secure Flag – Java

08 Mar

Hi folks,

Recently, I came across one PEN (penetration testing) issue. Here are the details.

All cookies are required to have the HttpOnly and Secure flags set; a missing flag on either one might be reported as a PEN finding. HttpOnly keeps the cookie out of reach of JavaScript (document.cookie), so a cross-site scripting bug cannot read the session id, and Secure stops the browser from sending the cookie over plain HTTP, where it could be sniffed on the network.

I made the changes below to fix this issue. The main objective of sharing these details here is the hope that it will help others.

In the web.xml file, make the changes below and check the result using HttpWatch in IE or TamperData in Firefox (both show the Set-Cookie response header, where the two flags must appear).


Below are the reference URLs for more details.

Here are some PEN testing tools. Have a look.

Happy Coding !

Stay tuned for more updates.

Have a nice day 🙂

Posted by on March 8, 2013 in Uncategorized
