会话cookie中缺少HttpOnly属性 解决

会话cookie中缺少HttpOnly属性 解决

 

只需要写一个过滤器即可

会话cookie中缺少HttpOnly属性 解决
 1 package com.neusoft.streamone.framework.security.filter;
2
3 import java.io.IOException;
4
5 import javax.servlet.Filter;
6 import javax.servlet.FilterChain;
7 import javax.servlet.FilterConfig;
8 import javax.servlet.ServletException;
9 import javax.servlet.ServletRequest;
10 import javax.servlet.ServletResponse;
11 import javax.servlet.http.Cookie;
12 import javax.servlet.http.HttpServletRequest;
13 20 public class CookieHttpOnlyFilter implements Filter
21 {
22
23 @Override
24 public void destroy()
25 {
26
27 }
28
29 @Override
30 public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException
31 {
32 Cookie[] cookies = ((HttpServletRequest)request).getCookies();
33 if(cookies!=null)
34 {
35 for(Cookie cookie : cookies){
36 //tomcat7 支持该属性,tomcat6不支持
37 cookie.setHttpOnly(true);
38 }
39 }
40 filterChain.doFilter(request, response);
41 }
42
43 @Override
44 public void init(FilterConfig arg0) throws ServletException
45 {
46
47 }
48
49 }
会话cookie中缺少HttpOnly属性 解决
上一篇:Java中的会话Cookie&&Session


下一篇:php 中数据类型