I want to make my session cookie HttpOnly
. Based on this article, I added this to my application.ini
:
resources.session.cookie_httponly = true
Unfortunately, when I look at the session cookie in Firecookie, it is not marked as HttpOnly
as I have specified. What step am I missing?