Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

How can I tell from a java web application that the "secure" and 'httponly" flags for cookies were enabled at the level of the web server (Tomcat/Websphere/Weblogic)?

Posted on 2015-02-15
1
Medium Priority
?
220 Views
Last Modified: 2015-03-03
We provide a web application as a product. It is important that the "secure" and "httpOnly" flags be enabled for cookies but we have no control over this - rather it is the customer's IT.

We do not handle the cookies in our web app - the web server does and it can be any (Tomcat/Weblogic/Websphere)

Is there a way in Java that our web application can check if the web server was configured for "secure" and "httpOnly"?
That way we can inform the admin that the web server is not securely configured.
0
Comment
Question by:Aaron Mirsky
1 Comment
 
LVL 84

Accepted Solution

by:
Dave Baldwin earned 1500 total points
ID: 40611755
Basically no.  The only thing that is returned from the browser is the name and the value of the cookie.  If you have gone to one of the pages in Firefox, you can look at the cookies in Tools -> Options -> Privacy and see if the cookie requires an encrypted connection.  I can't find anywhere that you can check to see if 'httponly' is set.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Dramatic changes are revolutionizing how we build and use technology. Every company is automating, digitizing, and modernizing operations. We need a better, more connected way to work together as teams so we can harness the insights from our system…
While opting for any web-to-print solution, you need to discuss with your team and some of your end users and know their opinions about your decisions. In this article we list down some questions you need to ask yourself.
Learn how to set-up custom confirmation messages to users who complete your Wufoo form. Include inputs from fields in your form, webpage redirects, and more with Wufoo’s confirmation options.
Learn how to set-up PayPal payment integration in your Wufoo form. Allow your users to remit payment through PayPal upon completion of your online form. This is helpful for collecting membership payments, customer payments, donations, and more.
Suggested Courses

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question