
HttpOnly cookies on google app engine java

Anyone know how I can use httponly cookies for sessions and cookies on the app engine?

In the javadoc for the Cookie class, http://java.sun.com/javaee/6/docs/api/javax/servlet/http/Cookie.html#setHttpOnly(boolean), there is a setHttpOnly method.

I get a compiler error when trying to use it when developing for app engine though.

The method was introduced in the Servlet 3.0 spec, so it's pretty new.

App Engine supports the Servlet API at version 2.5, so you cannot use the setHttpOnly method.

You could try to output the cookie header yourself.

resp.setHeader("Set-Cookie", "A=7; expires=Fri, 31-Dec-2010 23:59:59 GMT; path=/; domain=.example.net; HttpOnly");

Since 2017, GAE does support servlet API 3.1, so I've tested the following cookie option inside web.xml and it works:

<session-config>
  <cookie-config>
    <http-only>true</http-only>
  </cookie-config>
</session-config>
