Secure and HttpOnly flags for session cookie Websphere 7, 8.*
http://stackoverflow.com/questions/9193112/secure-and-httponly-flags-for-session-cookie-websphere-7 To set Secure flag to JSESSIONID cookie (same for WebSphere 7.x and 8.x): log in log in WebSphere admin console Navigate to Server > Server types > WebSphere application servers Click on server name (default is server1) Click on link Web Container settings > Web Container Click on link Session Management Click on link…