Hi ,
I need to mitigate surf jacking in the web application, For that recommendations is to set the cookie as secure .
I tried below one in web.xml , but it doesn't works .
<session-config>
<cookie-config>
<http-only>true</http-only>
</cookie-config>
</session-config>
Could any advice how to mitigate this surf jacking
Thanks in advance.