Title: About http-only Session Management Cookies http-only descriptors which confuse the readers Describe the issue: Before EAP 6.4, http-only parameter is only used in web.xml[1]. Some readers might be confuse the sso/http-only with web.xml/http-only. [1] How to enable HttpOnly and Secure Cookies in EAP6 https://access.redhat.com/solutions/338313 Suggestions for improvement: To add a note which mentions the difference each http-only Additional information:
I'm closing this issue out due to age. If it persists, file a corresponding JIRA.