Cookie设置HttpOnly,Secure,Expire属性
2018-03-30 17:47
996 查看
在Web工程上增加一个Filter对Cookie进行处理public class CookieFilter implements Filter {
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse resp = (HttpServletResponse) response;
Cookie[] cookies = req.getCookies();
if (cookies != null) {
Cookie cookie = cookies[0];
if (cookie != null) {
/*cookie.setMaxAge(3600);
cookie.setSecure(true);
resp.addCookie(cookie);*/
//Servlet 2.5不支持在Cookie上直接设置HttpOnly属性
String value = cookie.getValue();
StringBuilder builder = new StringBuilder();
builder.append("JSESSIONID=" + value + "; ");
builder.append("Secure; ");
builder.append("HttpOnly; ");
Calendar cal = Calendar.getInstance();
cal.add(Calendar.HOUR, 1);
Date date = cal.getTime();
Locale locale = Locale.CHINA;
SimpleDateFormat sdf =
new SimpleDateFormat("dd-MM-yyyy HH:mm:ss",locale);
builder.append("Expires=" + sdf.format(date));
resp.setHeader("Set-Cookie", builder.toString());
}
}
chain.doFilter(req, resp);
}
public void destroy() {
}
public void init(FilterConfig arg0) throws ServletException {
}
}web.xml:
<filter> <filter-name>cookieFilter</filter-name> <filter-class>com.sean.CookieFilter</filter-class>
</filter>
<filter-mapping> <filter-name>cookieFilter</filter-name>
<url-pattern>/*</url-pattern> </filter-mapping>
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse resp = (HttpServletResponse) response;
Cookie[] cookies = req.getCookies();
if (cookies != null) {
Cookie cookie = cookies[0];
if (cookie != null) {
/*cookie.setMaxAge(3600);
cookie.setSecure(true);
resp.addCookie(cookie);*/
//Servlet 2.5不支持在Cookie上直接设置HttpOnly属性
String value = cookie.getValue();
StringBuilder builder = new StringBuilder();
builder.append("JSESSIONID=" + value + "; ");
builder.append("Secure; ");
builder.append("HttpOnly; ");
Calendar cal = Calendar.getInstance();
cal.add(Calendar.HOUR, 1);
Date date = cal.getTime();
Locale locale = Locale.CHINA;
SimpleDateFormat sdf =
new SimpleDateFormat("dd-MM-yyyy HH:mm:ss",locale);
builder.append("Expires=" + sdf.format(date));
resp.setHeader("Set-Cookie", builder.toString());
}
}
chain.doFilter(req, resp);
}
public void destroy() {
}
public void init(FilterConfig arg0) throws ServletException {
}
}web.xml:
<filter> <filter-name>cookieFilter</filter-name> <filter-class>com.sean.CookieFilter</filter-class>
</filter>
<filter-mapping> <filter-name>cookieFilter</filter-name>
<url-pattern>/*</url-pattern> </filter-mapping>
相关文章推荐
- Cookie设置HttpOnly,Secure,Expire属性
- Cookie设置HttpOnly,Secure,Expire属性
- Cookie设置HttpOnly,Secure,Expire属性
- Cookie设置HttpOnly,Secure,Expire属性
- cookie的secure、httponly属性设置
- cookie 设置 httpOnly属性
- 设置Jetty服务器的cookie为secure和httponly
- Http中Cookie的HttpOnly和secure属性
- PHP设置COOKIE的HttpOnly属性
- 设置cookie的httponly属性
- 浅谈HTTP Cookie 的 Secure 和 HTTPONLY属性
- Cookie设置HttpOnly属性,防止前端脚本更改cookie的XSS攻击
- PHP设置Cookie的HTTPONLY属性
- 浅谈HTTP Cookie 的 Secure 和 HTTPONLY属性
- Cookie的httponly属性设置方法
- 浅谈HTTP Cookie 的 Secure 和 HTTPONLY属性
- Cookie的secure和httpOnly属性的含义
- express中设置cookie的httpOnly属性防御xss攻击
- PHP设置Cookie的HTTPONLY属性方法
- 设置Jetty服务器的cookie为secure和httponly