Configuring Tomcat to use HttpOnly Session ID Cookies is not Included in the latest Preventing Security Attacks Documentation.

XMLWordPrintable

    • 8
    • Severity 3 - Minor
    • 3

      As mentioned in the summary, it seems that the details to add HttpOnly flag are not added in the documentation for JIRA 7. In JIRA 6.4 documentation, this section exists while in JIRA 7.2. The difference could be seen below:

            Assignee:
            Oksana Levchuk
            Reporter:
            Julian (Inactive)
            Votes:
            5 Vote for this issue
            Watchers:
            10 Start watching this issue

              Created:
              Updated:
              Resolved: