Making JSESSIONID cookie be httpOnly in Jetty 7


Question

We're running grails 2.0 + jetty 7.6.6 and need to set the JSESSIONID cookie to be httpOnly. All of the answers on stackoverflow seem to refer to either Servlet 3.0 (which requires jetty 8) or to tomcat. Can anyone provide me with a clear way of setting the JSESSIONID cookie to be httpOnly for jetty 7.x?

I have tried adding jetty-web.xml file with the following contents, but it still didn't work (i.e. the JSESSIONID wasn't marked as httpOnly):

<?xml version="1.0"  encoding="ISO-8859-1"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure.dtd">

<Configure class="org.eclipse.jetty.webapp.WebAppContext">
    <Get name="sessionHandler">
        <Get name="sessionManager">
            <Set name="httpOnly" type="boolean">true</Set>
        </Get>
    </Get>
</Configure>


Recommended answer

All I had to do was put the jetty-web.xml in the right folder. Initially I was putting it into the jetty/etc folder, but instead it should have been in the WEB-INF directory.
