Cookies, Tomcat
1. How to enable secure cookies in an application.

Include the config below in web.xml at the top level.

    <session-config>
        <cookie-config>
            <http-only>true</http-only>
            <secure>true</secure>
        </cookie-config>
    </session-config>

Once you do that, you still have to request the server to set secure or HttpOnly cookies, and it will set them. Without this config, even if you request the server to set secure or HttpOnly cookies, it won't do it. This is true at least for Tomcat.

2. Some versions of Tomcat remove the trailing "=" in cookies.

To stop Tomcat from removing the trailing "=" signs, start Tomcat with the "-Dorg.apache.tomcat.util.http.ServerCookie.ALLOW_EQUALS_IN_VALUE=true" option.
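A pre-deployment check for the web.xml setting from item 1, as an added example that is not part of the original notes: it confirms that `<cookie-config>` sits under a top-level `<session-config>` and that both flags are `true`, whether or not the descriptor declares an XML namespace. The function name `audit_web_xml` and the three sample descriptors are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def child(elem, name):
    """Direct child with this local name, or None."""
    if elem is None:
        return None
    return next((c for c in elem if local(c.tag) == name), None)

def audit_web_xml(xml_text):
    """Return a list of findings; an empty list means both flags are on."""
    root = ET.fromstring(xml_text)
    if local(root.tag) != "web-app":
        return ["root element is not <web-app>"]
    cookie_cfg = child(child(root, "session-config"), "cookie-config")
    if cookie_cfg is None:
        # Distinguish a missing block from one nested in the wrong place.
        misplaced = any(local(e.tag) == "cookie-config" for e in root.iter())
        return ["<cookie-config> is not under a top-level <session-config>"
                if misplaced else "no <session-config>/<cookie-config> block"]
    findings = []
    for flag in ("http-only", "secure"):
        node = child(cookie_cfg, flag)
        value = (node.text or "").strip().lower() if node is not None else None
        if value != "true":
            findings.append(f"<{flag}> is {value!r}, expected 'true'")
    return findings

# Constructed sample descriptors (not taken from a real application).
GOOD = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <session-config><cookie-config>
    <http-only>true</http-only><secure>true</secure>
  </cookie-config></session-config>
</web-app>"""
WEAK = """<web-app><session-config><cookie-config>
  <secure>false</secure>
</cookie-config></session-config></web-app>"""
MISPLACED = """<web-app><servlet><session-config><cookie-config>
  <http-only>true</http-only><secure>true</secure>
</cookie-config></session-config></servlet></web-app>"""

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("WEAK", WEAK), ("MISPLACED", MISPLACED)):
        print(name, audit_web_xml(doc) or "ok")
```
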