Cookie config in servlet web app

I want to change session cookie name, make it secure and httpOnly. So, apparently this should be done via the web.xml file.
Based in Servlet Programming techniques - cookie-config (Japanese) I edited the src/main/webapp/WEB-INF/web.xml file:

<web-app version="3.1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xsi:schemalocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">

    <session-config>
        <cookie-config>
            <name>SASSESSION</name>
            <http-only>true</http-only>
            <secure>true</secure>
        </cookie-config>
    </session-config>

</web-app>

Now we have a customized session cookie:

curl -D - -o /dev/null http://localhost:9080/MyContext

...
X-Powered-By: Servlet/3.1
...
Set-Cookie: SASSESSION=0000GEg4qyTVnFKTdrdFjUC8eK0:5e81c98f-2566-49b3-9d72-b0efc4489ff8; Path=/; Secure; HttpOnly
...

Notes

• In IBM WAS Liberty the cookie can be configured via server.xml too. In httpSession, cookieSecure and cookieHttpOnly are by default false and true respectively. See www.ibm.com/support/knowledgecenter/ja. I personally prefer not to touch the server.xml as much as possible.
• There is a bug in Eclipse (I am in 4.6.0) that shows cvc-complex-type.2.4.a: Invalid content was found starting with element 'http-only'. Happily I could work-around it by changing the order of elements inside of cookie-config. Maybe bug: cvc-complex-type.2.4.a: Invalid content was found starting with element 'auth-constraint' is not 100% solved after all.