How do I disable HttpOnly cookies in Vaadin?
I have set the cookie in Vaadin and tried to get it from another application which was running on a different server, but I was not able to get the cookie that I set in Vaadin.
We need to disable the httpOnly cookie.
Can anyone help me "How to solve this issue?"
The cookies are set in the header Set-Cookie. To get it you can use the following code:
URLConnection urlConnection = new URL("url-of-your-web-app-here").openConnection();
List<String> cookiesList = urlConnection.getHeaderFields().get("Set-Cookie");
You can delete the flag manually, by deleting HttpOnly:
response.setHeader( "Set-Cookie", "name=value; HttpOnly");
If you're working in a Servlet 3.0 or newer environment, configure your web.xml as follows:
<session-config>
    <cookie-config>
        <http-only>false</http-only>
    </cookie-config>
</session-config>
Note. The HttpOnly flag is an additional flag that is used to prevent an XSS (Cross-Site Scripting) exploit from gaining access to the session cookie.
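An added illustration, not part of the original answer: this Java program parses Set-Cookie values with java.net.HttpCookie and reports, for each one, whether browser scripts can read the cookie (HttpOnly) and whether a browser would also send it to a second host (Domain). The class name, cookie names, values and host names are constructed for the example.

```java
import java.net.HttpCookie;

public class SetCookieAudit {

    // Summarises one Set-Cookie value: who can read the cookie and which hosts receive it.
    static String describe(String setCookieValue, String otherHost) {
        StringBuilder out = new StringBuilder();
        // HttpCookie.parse accepts the raw header value, as returned by
        // urlConnection.getHeaderFields().get("Set-Cookie").
        for (HttpCookie c : HttpCookie.parse(setCookieValue)) {
            String domain = c.getDomain();
            // No Domain attribute: host-only cookie, returned only to the host that set it.
            // HttpCookie.domainMatches applies RFC 2965 matching, which is stricter than
            // current browser behaviour but gives the same answer for these sample hosts.
            boolean shared = domain != null && HttpCookie.domainMatches(domain, otherHost);
            out.append(String.format(
                    "%-10s scriptReadable=%-5b secureOnly=%-5b sentTo(%s)=%b%n",
                    c.getName(), !c.isHttpOnly(), c.getSecure(), otherHost, shared));
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample headers; a second application is assumed to run on otherHost.
        String otherHost = "reports.example.test";
        String[] headers = {
            "JSESSIONID=abc123; Path=/; HttpOnly",
            "JSESSIONID=abc123; Path=/",
            "sso=tok456; Domain=.example.test; Path=/; Secure; HttpOnly"
        };
        for (String h : headers) {
            System.out.print(describe(h, otherHost));
        }
    }
}
```

The first two sample headers differ only in script visibility, and neither cookie reaches the second host. The third is sent to both hosts while still carrying HttpOnly, because host scope is decided by the Domain attribute.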