[英]Jboss 5. HttpOnly session cookies
How to configure JBoss 5.1.* to make session cookie HttpOnly? 如何配置JBoss 5.1。*以使会话cookie HttpOnly?
<Context useHttpOnly="true">
Doesn't work. 不起作用
I'm using JBoss [EAP] 5.0.1 and adding 我正在使用JBoss [EAP] 5.0.1并添加
<SessionCookie secure="true" httpOnly="true" />
in <myJBossServerInstancePath>/deploy/jbossweb.sar/context.xml 在<myJBossServerInstancePath> /deploy/jbossweb.sar/context.xml中
<Context cookies="true" crossContext="true">
<SessionCookie secure="true" httpOnly="true" />
...
works perfectly (thanks Luciano). 完美地工作(感谢Luciano)。
Add 加
<SessionCookie secure="true" httpOnly="true" />
In $JBOSS_HOME/deploy/jbossweb.sar/context.xml 在$ JBOSS_HOME / deploy / jbossweb.sar / context.xml中
<Context cookies="true" crossContext="true">
<SessionCookie secure="true" httpOnly="true" />
Make sure HTTPS/SSL configured in the server to work. 确保在服务器中配置的HTTPS / SSL可以正常工作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.