In my application I want to make the JSESSIONID cookie httpOnly and want to specify a path for it for security purposes, as it has '/' as its default path. So I added the following code after session creation.
After this, the JSESSIONID cookie path is set as I have mentioned.
But as the request is processed further, another JSESSIONID cookie is created with '/' as the default path.
I am perfectly OK with how the container is handling the session. I just want to make the JSESSIONID cookie httpOnly and set its path, as suggested by the Security Audit Group team.
But I am still unable to do it.
Any guidance related to it would be very helpful.
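
A check for the symptom described in the question, added here as an example and not part of the original post: it parses a response's Set-Cookie headers and reports a JSESSIONID that lacks HttpOnly, carries a path other than the intended one, or is set with more than one path. The header values, the `/myapp` path and the function names are constructed for illustration.

```python
def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, attrs)."""
    first, *rest = [p.strip() for p in header.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name, attrs


def audit_session_cookie(set_cookie_headers, expected_path, cookie_name="JSESSIONID"):
    """Return (code, detail) findings for the Set-Cookie lines that set cookie_name."""
    findings, paths = [], []
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        if name != cookie_name:
            continue
        path = attrs.get("path")  # None: the browser derives a default from the request URL
        paths.append(path)
        if "httponly" not in attrs:
            findings.append(("missing-httponly", path))
        if path != expected_path:
            findings.append(("wrong-path", path))
    # Browsers key stored cookies on (name, domain, path), so the same name
    # set with two different paths leaves two cookies side by side.
    if len(set(paths)) > 1:
        findings.append(("multiple-paths", tuple(paths)))
    return findings


# Constructed sample: the hand-added cookie followed by a second one with Path=/.
SAMPLE_RESPONSE = [
    "JSESSIONID=0000constructed; Path=/myapp; HttpOnly",
    "JSESSIONID=0000constructed; Path=/",
    "theme=dark; Path=/",
]

if __name__ == "__main__":
    for code, detail in audit_session_cookie(SAMPLE_RESPONSE, "/myapp"):
        print(code, detail)
```
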