Marking cookie as HTTPOnly in J2EE 5

The Cookie API in J2EE 2.5 doesn’t have a ‘setHttpOnly’ method. So I had to resort to a work around to achieve this. Instead of doing a response.addCookie, I had to write a custom method that writes the “Set-Cookie” header and use StringBuilder to construct the header value.

Advertisements