This week's book giveaway is in the OCAJP 8 forum. We're giving away four copies of OCA Java SE 8 Programmer I Study Guide and have Edward Finegan & Robert Liguori on-line! See this thread for details.
Two of the OWASP security recommendations for web applications involve setting the HttpOnly and secure attributes within the session cookie, however the following link below from OWASP indicates that it is not possible to set these flags programatically in Struts2.
Interesting paper. I'm not a security expert, but I'm curious why, on page 14, the author proposes to "bring back the validate() method" when that method is available in com.opensymphony.xwork2 ActionSupport for providing programmatic validation.