CASTGC Cookie and HttpOnly Flag

Let's assume you employ CAS to be your single sign-on solution. Upon receiving correct credentials from the user CAS generates CASTGC cookie, which is marked with Secured flag. And assume you want to add HttpOnly flag to the cookie, to prevent accessing it via non-HTTP methods. CAS of version 3.5.0 depends on servlet-api »