Java HttpOnly标志 [英] Java HttpOnly Flag
本文介绍了Java HttpOnly标志的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我使用Servlet 3.0,我想使用HttpOnly标志来保护我的Cookie。我的web.xml是
I used Servlet 3.0 and I want secure my cookies with HttpOnly flag. my web.xml is
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
id="WebApp_ID" version="3.0">
<session-config>
<cookie-config>
<http-only>true</http-only>
<secure>true</secure>
</cookie-config>
</session-config>
</web-app>
而我的Servlet是
and my Servlet is
response.setContentType("application/json");
PrintWriter pw = response.getWriter();
Cookie cookie = new Cookie("url", "google.com");
cookie.setMaxAge(60 * 60); //1 hour
response.addCookie(cookie);
pw.println("Cookies created");
my context.xml
my context.xml is
<Context cookies="true" crossContext="true" useHttpOnly="true">
<SessionCookie httpOnly="true"/>
</Context>
但我可以从Javascript读取Cookie。可以有人帮助我吗?
but I can read cookies from Javascript . Can anybody help me?
推荐答案
web.xml仅配置session-cookie。
The web.xml only configures the session-cookie.
您应该添加
cookie.setHttpOnly(true);
到您的Servlet。
to your Servlet.
这篇关于Java HttpOnly标志的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文