Merge pull request #235 from hongwei1/develop

refactor/set the secure and http-only to true as default
OpenBankProject · Nov 21, 2023 · 33f9610 · 33f9610
2 parents 40e289c + 5ff8bbc
commit 33f9610
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/src/main/webapp/WEB-INF/web.xml b/src/main/webapp/WEB-INF/web.xml
@@ -18,4 +18,12 @@ PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
   <url-pattern>/*</url-pattern>
 </filter-mapping>
 
+<!--set  the status of HttpOnly and Secure cookie flags-->
+<session-config>
+  <cookie-config>
+    <secure>true</secure>
+    <http-only>true</http-only>
+  </cookie-config>
+</session-config>
+
 </web-app>