Java应用程序中的SameSite Cookie [英] SameSite cookie in Java application

问题描述

您知道任何允许为Cookie设置自定义标志的Java cookie实现，例如 SameSite = strict 吗？似乎 javax.servlet .http.Cookie 的标志集受到严格限制，可以添加。

Do you know any Java cookie implementation which allows to set a custom flag for cookie, like SameSite=strict? It seems that javax.servlet.http.Cookie has a strictly limited set of flags which can be added.

推荐答案

<我不是JEE专家，但是我认为由于cookie属性是一个有点新的发明，因此您不能期望它会出现在Java EE 7接口或实现中。 Cookie 类似乎缺少通用属性的设置器。但是不是通过以下方式将cookie添加到您的 HttpServletResponse ：

I am not a JEE expert, but I think that because that cookie property is a somewhat new invention, you cannot expect it to be present in Java EE 7 interfaces or implementations. The Cookie class is missing a setter for generic properties, as it seems. But instead of adding the cookie to your HttpServletResponse via

response.addCookie(myCookie)

您只需通过

response.setHeader("Set-Cookie", "key=value; HttpOnly; SameSite=strict")

---

更新：感谢 @mwyrzyk 指出 setHeader（）会覆盖所有相同名称的现有标头。因此，如果您的响应中已经有其他 Set-Cookie 标头，则当然可以将 addHeader（）与而是使用相同的参数。

---

Update: Thanks to @mwyrzyk for pointing out that setHeader() overwrites all existing headers of the same name. So if you happen have other Set-Cookie headers in your response already, of course you would use addHeader() with the same parameters instead.

这篇关于Java应用程序中的SameSite Cookie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！