[英]How can I create HttpOnly cookies using Servlet API 2.5?
I'm working with a web application that uses Servlet API v2.5, running on Tomcat 6, and I need to send HttpOnly cookies to the client. 我正在使用在Tomcat 6上运行的使用Servlet API v2.5的Web应用程序,我需要向客户端发送HttpOnly cookie。 I'm not talking about session cookies generated by the servlet container (which is covered excellently by this question ), but custom cookies added to the response using
response.addCookie()
. 我不是在谈论servlet容器生成的会话cookie( 这个问题很好地介绍了),但使用
response.addCookie()
将自定义cookie添加到响应中。
The Cookie#setHttpOnly()
method does not exist in v2.5, so I have to build the HTTP header myself and add the HttpOnly
token. Cookie#setHttpOnly()
方法在v2.5中不存在,因此我必须自己构建HTTP标头并添加HttpOnly
标记。 Is there an easy way to do this without rolling my own implementation of RFC 6265 from scratch? 有没有一种简单的方法可以做到这一点,而无需从头开始自己实现RFC 6265 ?
Maybe you will need to implement a org.apache.catalina.Valve
(which works on a very similar philosophy to a Servlet Filter) and cast the cookies to org.apache.tomcat.util.http.ServerCookie
so that you can access low-level details in order to stick 'HttpOnly' in there. 也许您需要实现一个
org.apache.catalina.Valve
(它与Servlet过滤器的工作原理非常相似)并将cookie转换为org.apache.tomcat.util.http.ServerCookie
以便您可以访问低 -水平细节,以便在那里坚持'HttpOnly'。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.