]> git.mxchange.org Git - pizzaservice-war.git/commitdiff
projects / pizzaservice-war.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 02a5068)
added some http-only configuration to avoid common XSS
authorRoland Haeder <roland@mxchange.org>
Thu, 7 Apr 2016 10:58:21 +0000 (12:58 +0200)
committerRoland Haeder <roland@mxchange.org>
Thu, 7 Apr 2016 10:58:21 +0000 (12:58 +0200)
web/WEB-INF/web.xml patch | blob | history

diff --git a/web/WEB-INF/web.xml b/web/WEB-INF/web.xml
index 288c1c7c32c450caaae32a2f6027d272e79304c7..1cc23f32f58aeeb53405c89a47b3c2434b016c60 100644 (file)
--- a/web/WEB-INF/web.xml
+++ b/web/WEB-INF/web.xml
@@ -27,8 +27,11 @@
     </servlet-mapping>
     <session-config>
         <session-timeout>
-                       30
-               </session-timeout>
+            30
+        </session-timeout>
+        <cookie-config>
+            <http-only>true</http-only>
+        </cookie-config>
     </session-config>
     <welcome-file-list>
         <welcome-file>faces/index.xhtml</welcome-file>
Unnamed repository; edit this file 'description' to name the repository.