1. J2EE Filters not able to get cookies? stackoverflow.com
Why aren't cookies able to be referenced from a servlet filter? It just seems beyond me that J2EE wouldn't allow you to sanitize cookie values:
2. Session hijacking: Pros/Cons of a filter that suppresses Session IDs stackoverflow.com
I am trying to address session fixation/hijacking/sidejacking on an ATG/JBoss/Tomcat site. It seems that by far, the most commons recommendations are:
3. I have a caching Servlet Filter, How do I make sure it doesn't send caching headers if there are cookies set on the response? stackoverflow.com
I have a caching Servlet Filter, the filter will, for certain URLs, add a
4. Using a filter to add a cookie to the users session stackoverflow.com
Update: The issue is with the setting used for the MaxAge. Setting it to zero will cause the cookie to be deleted, hence it was shown in the response header ...