This week's book giveaway is in the OCMJEA forum.
We're giving away four copies of OCM Java EE 6 Enterprise Architect Exam Guide and have Paul Allen & Joseph Bambara on-line!
See this thread for details.
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes HttpOnly, setSecure Cookie not coming from Browser to Servlet. Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of OCM Java EE 6 Enterprise Architect Exam Guide this week in the OCMJEA forum!
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "HttpOnly, setSecure Cookie not coming from Browser to Servlet." Watch "HttpOnly, setSecure Cookie not coming from Browser to Servlet." New topic
Author

HttpOnly, setSecure Cookie not coming from Browser to Servlet.

Anirudh Gupta
Ranch Hand

Joined: Dec 08, 2010
Posts: 47

Hi All,

The 1st request is handled by a servlet where 4 cookies are set and then request is forwarded to a JSP.



The JSP's response header when studied using Development tool's Network tab can be seen to have all the cookies in the response header.
However in Resources tab only the simple and HTTPOnly cookies can be observed and the Javascript code can access only simple cookies.

The JSP form's action is a servlet. This is where my question is.

The request received in the 2nd servlet when queried appears to NOT contain any Secure Cookies and the HTTPOnly cookies also do not
show up as HTTPOnly(ck.isHttpOnly()). WHY is this so?

Regards,
Anirudh.

Regards,
Anirudh
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: HttpOnly, setSecure Cookie not coming from Browser to Servlet.