[2.1.3 Java] PLAY_SESSION - how to remove HttpOnly

[Natalia C.]

I am working with cross-domain requests and need to be able to send PLAY_SESSION cookies from browser back to the server. I did some research, and one of the possible solutions was to remove HttpOnly  attribute from the Set-Cookie header with PLAY_SESSION. I tried doing it from the application.config with session.httpOnly="false" but it didn't work. Any ideas how to make PLAY_SESSION cookies available in cross-domain requests?

Thanks.

[Borut]

This might help you: http://stackoverflow.com/questions/14430119/play-2-0-1-and-setting-access-control-allow-origin

[Fetteni Lotfi]

Thank you very much Borut for your helping.

On 27 August 2014 15:59, Borut <borut....@gmail.com> wrote:

This might help you: http://stackoverflow.com/questions/14430119/play-2-0-1-and-setting-access-control-allow-origin

--
You received this message because you are subscribed to the Google Groups "play-framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email to play-framewor...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Natalia C.]

Thanks but I alleady have CORS implemented in my REST service and allow cross- domain requests. The issue arises when I need to access a value from my session object. Play framework implements session as a session cookie that gets passed between browser and REST service, so if the client is on the different domain, browser refuses to store cookie and pass it back to the server. I need to force browser to accept PLAY_SESSION cookie and include it with every request to the rest service on the different domain.