使用javax.servlet设置httponly cookie 2.5 [英] Setting an httponly cookie with javax.servlet 2.5

问题描述

这里是一个设置cookie的函数：

here is a function that sets a cookie:

public void addCookie(String cookieName, String cookieValue, Integer maxAge, HttpServletResponse response) {
    Cookie cookie = new Cookie(cookieName, cookieValue);
    cookie.setPath("/mycampaigns");
    cookie.setSecure(isSecureCookie);
    cookie.setMaxAge(maxAge);
    response.addCookie(cookie);
}

我相信servlet 3.0，有一种方法可以直接做到这一点。不幸的是，我的组织使用2.5和升级在这个时刻不是一个选择。

I believe in servlet 3.0, there is a way to do this directly. Unfortunately my organization uses 2.5 and UPGRADING at this juncture IS NOT AN OPTION.

有使用响应设置cookie的方式吗？这里是我在线找到的示例

is there way to use the response to set the cookie? Here's an example i found online

response.setHeader("SET-COOKIE", "[SOME STUFF]" +"; HttpOnly")

如果这是唯一的方式来做我想要的， STUFF]，以便我不会丢失我的函数当前存储在cookie中的任何数据？

If this is the only way to do what i want, what would i replace "[SOME STUFF]" with so that i don't lose any of the data that my function currently stores in the cookie?

推荐答案

您还可以使用javax.ws.rs.core.NewCookie或任何其他有用的toString类

You can also use javax.ws.rs.core.NewCookie or any other class with useful toString method to print cookie to a header to make things more simple.

public static String getHttpOnlyCookieHeader(Cookie cookie) {

    NewCookie newCookie = new NewCookie(cookie.getName(), cookie.getValue(), 
            cookie.getPath(), cookie.getDomain(), cookie.getVersion(), 
            cookie.getComment(), cookie.getMaxAge(), cookie.getSecure());

    return newCookie + "; HttpOnly";
}

而用法：

response.setHeader("SET-COOKIE", getHttpOnlyCookieHeader(myOriginalCookie));

这篇关于使用javax.servlet设置httponly cookie 2.5的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！