Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How can I tell from a java web application that the "secure" and 'httponly" flags for cookies were enabled at the level of the web server (Tomcat/Websphere/Weblogic)?

Posted on 2015-02-15
1
Medium Priority
?
211 Views
Last Modified: 2015-03-03
We provide a web application as a product. It is important that the "secure" and "httpOnly" flags be enabled for cookies but we have no control over this - rather it is the customer's IT.

We do not handle the cookies in our web app - the web server does and it can be any (Tomcat/Weblogic/Websphere)

Is there a way in Java that our web application can check if the web server was configured for "secure" and "httpOnly"?
That way we can inform the admin that the web server is not securely configured.
0
Comment
Question by:Aaron Mirsky
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 84

Accepted Solution

by:
Dave Baldwin earned 1500 total points
ID: 40611755
Basically no.  The only thing that is returned from the browser is the name and the value of the cookie.  If you have gone to one of the pages in Firefox, you can look at the cookies in Tools -> Options -> Privacy and see if the cookie requires an encrypted connection.  I can't find anywhere that you can check to see if 'httponly' is set.
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Color can increase conversions, create feelings of warmth or even incite people to get behind a cause. If you want your website to really impact site visitors, then it is vital to consider the impact color has on them.
When it comes to security, close monitoring is a must. According to WhiteHat Security annual report, a substantial number of all web applications are vulnerable always. Monitis offers a new product - fully-featured Website security monitoring and pr…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
Learn how to set-up PayPal payment integration in your Wufoo form. Allow your users to remit payment through PayPal upon completion of your online form. This is helpful for collecting membership payments, customer payments, donations, and more.
Suggested Courses

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question