Support for HttpOnly with optionally Secure and SameSite flag for Cookies
P.s. I do see a 'secure' property for cookies in the Velocity plugin but there is no tooltip and the Wiki also doesn't mention it.
Updated by Patrick Talbot almost 2 years ago
The "secure" property adds the secure flag indeed.
There's no property for HttpOnly and SameSite, because I am relying on java's libraries from previous versions that exposes methods for secure but not the others.
I'll check with newer versions and see if this is available, if so, I'll add the properties, although I will have to add some Reflection code to avoid MethodNotFoundException if Velocity is running in older java versions.
Starting with Java 8 javax.servlet.http.Cookie (which is in /lib/servlet-api.jar) it looks like HttpOnly is supported (But not SameSite):