
Making Cookies HTTPOnly

Open ChakshuGautam opened this issue 3 years ago • 4 comments

Software and hardware versions

macOS Docker Compose, Aggregate v2.0.5 [Self built WAR] behind NGINX reverse proxy

Problem description

Trying to make cookies secure by

proxy_cookie_path / "/; HTTPOnly; Secure";

But I see that HTTPOnly cannot be enabled due to doc.cookie API being used internally to cache.

Found the context.xml file which explicitly does not allow this. Is there a specific reason?

<Context useHttpOnly="false">
  <JarScanner>
    <JarScanFilter pluggabilitySkip="*" tldSkip="*" />
  </JarScanner>
</Context>

ChakshuGautam Jan 12 '21 10:01
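
A check for the setup described in this issue, as an added example that is not part of the original post or of the Aggregate code base: it audits `Set-Cookie` values for missing `HttpOnly` and `Secure` attributes and reports whether a Tomcat `context.xml` sets `useHttpOnly="false"`. The sample headers, cookie names and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample Set-Cookie values (not captured from a real deployment).
SAMPLE_HEADERS = [
    "JSESSIONID=abc123; Path=/; HTTPOnly; Secure",  # after the proxy rewrite
    "JSESSIONID=abc123; Path=/",                     # as sent by the backend
    "prefs=dark; Path=/; Secure",
]
# The context.xml quoted in the issue.
SAMPLE_CONTEXT = """<Context useHttpOnly="false">
  <JarScanner>
    <JarScanFilter pluggabilitySkip="*" tldSkip="*" />
  </JarScanner>
</Context>"""


def cookie_flags(set_cookie):
    """Return (cookie name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    # Attribute names are case-insensitive, so HTTPOnly == HttpOnly.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_cookies(headers, required=("httponly", "secure")):
    """List (cookie name, missing attributes) for every non-compliant cookie."""
    findings = []
    for header in headers:
        name, attrs = cookie_flags(header)
        missing = [r for r in required if r not in attrs]
        if missing:
            findings.append((name, missing))
    return findings


def context_disables_httponly(context_xml):
    """True when the <Context> element explicitly sets useHttpOnly="false"."""
    root = ET.fromstring(context_xml)
    # Tomcat treats a missing useHttpOnly attribute as "true".
    return root.tag == "Context" and root.get("useHttpOnly", "true").lower() == "false"


if __name__ == "__main__":
    for name, missing in audit_cookies(SAMPLE_HEADERS):
        print(f"{name}: missing {', '.join(missing)}")
    print("context.xml disables HttpOnly:", context_disables_httponly(SAMPLE_CONTEXT))
```
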