We provide a web application as a product. It is important that the "secure" and "httpOnly" flags be enabled for cookies, but we have no control over this - the customer's IT does.
We do not handle the cookies in our web app - the web server does, and it can be any of Tomcat/WebLogic/WebSphere.
Is there a way in Java that our web application can check if the web server was configured for "secure" and "httpOnly"?
That way we can inform the admin that the web server is not securely configured.
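
The following is an added example, not part of the original post and not code from any of the servers named in it: a servlet filter that inspects the `Set-Cookie` header the container actually emits for the session cookie, since `ServletContext.getSessionCookieConfig()` reports only what the application's own configuration sets and can miss container-level settings. It assumes Servlet 3.0+ (`javax.servlet`) and that the container's session cookie is visible through `HttpServletResponse.getHeaders("Set-Cookie")`, which the specification does not guarantee; the class and method names are hypothetical.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;

/** Added example: warns when the session cookie is issued without Secure/HttpOnly. */
public class SessionCookieFlagFilter implements Filter {
    private String cookieName = "JSESSIONID";   // servlet default; overridden in init()
    private ServletContext ctx;

    @Override
    public void init(FilterConfig cfg) {
        ctx = cfg.getServletContext();
        String configured = ctx.getSessionCookieConfig().getName();
        if (configured != null) cookieName = configured;
    }

    /** Returns the flags ("Secure", "HttpOnly") absent from one Set-Cookie header value. */
    static List<String> missingFlags(String setCookie) {
        boolean secure = false, httpOnly = false;
        String[] parts = setCookie.split(";");
        for (int i = 1; i < parts.length; i++) {          // parts[0] is name=value
            String attr = parts[i].trim().toLowerCase(Locale.ROOT);
            if (attr.equals("secure")) secure = true;
            if (attr.equals("httponly")) httpOnly = true;
        }
        List<String> missing = new ArrayList<>();
        if (!secure) missing.add("Secure");
        if (!httpOnly) missing.add("HttpOnly");
        return missing;
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        chain.doFilter(req, res);
        if (!(res instanceof HttpServletResponse)) return;
        // Inspect what the container actually emitted, not what it was asked to emit.
        for (String header : ((HttpServletResponse) res).getHeaders("Set-Cookie")) {
            if (!header.startsWith(cookieName + "=")) continue;
            List<String> missing = missingFlags(header);
            if (!missing.isEmpty())
                ctx.log("WARNING: session cookie " + cookieName + " issued without " + missing);
        }
    }

    @Override
    public void destroy() { }
}
```

The warning only appears on responses that create a session, so the filter has to be mapped to a URL pattern that covers the request where the session is first established.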