
How to make the session cookie secure with Seedstack?

I'm using Web sessions in a SeedStack application but need the session cookie to be secured by the httpOnly flag.

Since there is no configuration option for that, how can I achieve this with the current version?

It is not possible for now to configure the session cookie used by Undertow but I added the relevant options to make it possible in the upcoming version (20.4 at the end of April).

For now, as a workaround, you can implement a ServletContainerInitializer to configure the session cookie manually:

import java.util.Set;
import javax.servlet.ServletContainerInitializer;
import javax.servlet.ServletContext;

public class MyServletContainerInitializer implements ServletContainerInitializer {
    @Override
    public void onStartup(Set<Class<?>> classes, ServletContext servletContext) {
        // Runs once at container startup, before the context is initialized and any session cookie is issued
        servletContext.getSessionCookieConfig().setHttpOnly(true);
    }
}

Your class must be registered in a META-INF/services/javax.servlet.ServletContainerInitializer file:

org.myorg.myproject.MyServletContainerInitializer

Note that you can statically obtain a configuration facade with Seed.baseConfiguration(). This makes it possible to alter cookie options using applicative configuration.
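The following initializer is an added example illustrating the last point of the answer; it is not code from the answer above or from SeedStack itself. It sets the two flags a practitioner normally wants together (httpOnly against script access, secure against plaintext transport), scopes the cookie to the application's own context path, and reads overrides from applicative configuration through Seed.baseConfiguration(). The configuration keys (myapp.session.cookie.*) are invented for this example, and the Coffig getOptional(Class, String...) call is assumed to be the facade's lookup method; the javax.servlet SessionCookieConfig setters are standard Servlet API.

```java
import java.util.Set;
import javax.servlet.ServletContainerInitializer;
import javax.servlet.ServletContext;
import javax.servlet.SessionCookieConfig;
import org.seedstack.coffig.Coffig;
import org.seedstack.seed.Seed;

/**
 * Hardens the container-managed session cookie at startup.
 * Must be registered in META-INF/services/javax.servlet.ServletContainerInitializer
 * exactly like the initializer shown in the answer.
 */
public class HardenedSessionCookieInitializer implements ServletContainerInitializer {
    // Assumed, application-specific keys; not part of SeedStack's configuration schema.
    private static final String HTTP_ONLY_KEY = "myapp.session.cookie.httpOnly";
    private static final String SECURE_KEY = "myapp.session.cookie.secure";
    private static final String NAME_KEY = "myapp.session.cookie.name";

    @Override
    public void onStartup(Set<Class<?>> classes, ServletContext servletContext) {
        // Assumption: Seed.baseConfiguration() returns a Coffig with getOptional(Class, String...)
        Coffig config = Seed.baseConfiguration();
        SessionCookieConfig cookie = servletContext.getSessionCookieConfig();

        // The setters below throw IllegalStateException once the context is initialized,
        // so onStartup() is the last safe place to call them.

        // Default to the hardened values when a key is absent: an operator has to opt
        // out of protection explicitly, never opt in.
        cookie.setHttpOnly(config.getOptional(Boolean.class, HTTP_ONLY_KEY).orElse(true));
        cookie.setSecure(config.getOptional(Boolean.class, SECURE_KEY).orElse(true));

        // Optional rename: hides the default JSESSIONID fingerprint from casual scanners.
        config.getOptional(String.class, NAME_KEY).ifPresent(cookie::setName);

        // Scope the cookie to this application's path so other applications deployed on
        // the same host do not receive it.
        String contextPath = servletContext.getContextPath();
        cookie.setPath(contextPath.isEmpty() ? "/" : contextPath);
    }
}
```

With the secure flag defaulting to true, a browser will not send the cookie over plain HTTP, so a development setup served without TLS loses its session on every request; set myapp.session.cookie.secure to false there rather than weakening the production default. If a reverse proxy terminates TLS in front of Undertow, the flag is still correct, since it governs the browser-to-edge leg that an attacker on the network can observe.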
