Solved

How can I tell from a java web application that the "secure" and 'httponly" flags for cookies were enabled at the level of the web server (Tomcat/Websphere/Weblogic)?

Posted on 2015-02-15
1
180 Views
Last Modified: 2015-03-03
We provide a web application as a product. It is important that the "secure" and "httpOnly" flags be enabled for cookies but we have no control over this - rather it is the customer's IT.

We do not handle the cookies in our web app - the web server does and it can be any (Tomcat/Weblogic/Websphere)

Is there a way in Java that our web application can check if the web server was configured for "secure" and "httpOnly"?
That way we can inform the admin that the web server is not securely configured.
0
Comment
Question by:Aaron Mirsky
1 Comment
 
LVL 82

Accepted Solution

by:
Dave Baldwin earned 500 total points
ID: 40611755
Basically no.  The only thing that is returned from the browser is the name and the value of the cookie.  If you have gone to one of the pages in Firefox, you can look at the cookies in Tools -> Options -> Privacy and see if the cookie requires an encrypted connection.  I can't find anywhere that you can check to see if 'httponly' is set.
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
"In order to have an organized way for empathy mapping, we rely on a psychological model and trying to model it in a simple way, so we will split the board to three section for each persona and a scenario and try to see what those personas would Do,…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
Learn how to set-up custom confirmation messages to users who complete your Wufoo form. Include inputs from fields in your form, webpage redirects, and more with Wufoo’s confirmation options.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now