SameSite cookie in Java application
Problem description
Do you know any Java cookie implementation which allows to set a custom flag for cookie, like SameSite=strict? It seems that javax.servlet.http.Cookie has a strictly limited set of flags which can be added.
Recommended answer
I am not a JEE expert, but I think that because that cookie property is a somewhat new invention, you cannot expect it to be present in Java EE 7 interfaces or implementations. The Cookie class is missing a setter for generic properties, as it seems. But instead of adding the cookie to your HttpServletResponse via
response.addCookie(myCookie)
you can simply do it via
response.setHeader("Set-Cookie", "key=value; HttpOnly; SameSite=strict")
Update: Thanks to @mwyrzyk for pointing out that setHeader() overwrites all existing headers of the same name. So if you happen to have other Set-Cookie headers in your response already, of course you would use addHeader() with the same parameters instead.