From: Roland Haeder <roland@mxchange.org>
Date: Thu, 7 Apr 2016 10:58:21 +0000 (+0200)
Subject: added some http-only configuration to avoid common XSS
X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=8a39d893b5c1ddeeff6c77fa05e6f2ef356edc8a;p=pizzaservice-war.git

added some http-only configuration to avoid common XSS
---

diff --git a/web/WEB-INF/web.xml b/web/WEB-INF/web.xml
index 288c1c7c..1cc23f32 100644
--- a/web/WEB-INF/web.xml
+++ b/web/WEB-INF/web.xml
@@ -27,8 +27,11 @@
     </servlet-mapping>
     <session-config>
         <session-timeout>
-			30
-		</session-timeout>
+            30
+        </session-timeout>
+        <cookie-config>
+            <http-only>true</http-only>
+        </cookie-config>
     </session-config>
     <welcome-file-list>
         <welcome-file>faces/index.xhtml</welcome-file>