Is cookieHttpOnly available in Weblogic 8.x ?? I need to set the session cookies to HTTP only for security reasons and unable to find anything in the weblogic.xml deployment descriptor.
http://docs.oracle.com/cd/E13222_01/wls/docs81/webapp/weblogic_xml.html
Please help!
httpOnly cookie attribute is available from weblogic 9.2 onwards.
But there is a work around to this, check: https://www.owasp.org/index.php/HTTPOnly
For 9.2 see Weblogic descriptor elements for 9.2