Reputation: 21
Set Cookies to HttpOnly on PrimeFaces premium theme
I need to add HttpOnly to all the cookies on my PrimeFace project.
I have tried to set-up the cookies through the web.xml web.xml
but the cookie that is created on the layout.js poseidon_expandeditems is created twice, once with the flag HttpOnly, but the other without it.
How can I set all the cookies created in my project to have the HttpOnly?
Upvotes: 2
Views: 445
Answers (1)
Reputation: 12019
You cannot set the cookie to be HTTP Only as that would not make it available to Javascript code. Layout in Poseidon is creating and managing the cookie with Javascript so it must not have HTTP Only so it can manipulate the cookie. Why do you think it needs to be HttpOnly?
from Babylon theme layout.js for example...
saveMenuState: function () {
$.cookie('babylon_expandeditems', this.expandedMenuitems.join(','), { path: '/' });
},
saveScrollState: function (value) {
$.cookie('babylon_scroll', value, { path: '/' });
},
clearMenuState: function () {
$.removeCookie('babylon_expandeditems', { path: '/' });
$.removeCookie('babylon_active_route', { path: '/' });
$.removeCookie('babylon_static_menu_inactive', { path: '/' });
$.removeCookie('babylon_scroll', { path:'/' });
},
If you still have questions I suggest raising it on the Poseidon theme forum: https://forum.primefaces.org/viewforum.php?f=43
Upvotes: 3
Related Questions
- content-security-policy header for a jsf, primefaces application
- JSF / primefaces Session - Session gets lost
- Make all cookies secure in a JSF Application
- How to add cookie in JSF?
- JSF PrimeFaces ajax request after logout and session invalidation
- JSF 2.0: cookies are not persisted immediately after AJAX call, HTTP request required
- In JSF2.0, how do I write out cookies in facelets?
- Primefaces p:ajaxStatus for non ajax requests
- Cookies for "Remember me" in JSF
- How to use cookies in JSF