<session-config>
<session-timeout>30</session-timeout>
<tracking-mode>COOKIE</tracking-mode>
+ <cookie-config>
+ <http-only>true</http-only>
+ <secure>true</secure>
+ </cookie-config>
</session-config>
<filter>
<filter-name>SecurityXssFilter</filter-name>