
Play framework 1.x on Tomcat - httpOnly cookies

I'm setting application.session.httpOnly=true in the application.conf and generating a WAR file and deploying on Tomcat.

I still see the cookie generated as HttpOnly=No and it is editable.

This is an issue with Play 1.x running on Tomcat 6 (i.e. Servlet API 2.x). Apparently, the HttpOnly flag for cookies was only introduced in Servlet 3.0 and so is only available in Tomcat 7+.

Has anybody identified a workaround for this so far (so I could have HttpOnly cookies for Play 1.x on Tomcat 6.x)? The httpOnly flag on the context in Tomcat only works for Tomcat's jsessionid cookie...

Also, can I run a Play 1.x app on Servlet 3.0?

PS: This was also posted on the Play framework's Google Groups but we did not receive a response, and so we are posting on SO.

You should be able to run the app in Tomcat 7. The reason is that although you'll deploy a WAR file, Play is not using any Servlet API, so that shouldn't be a problem. That said, the problem could be the addon that generates the WAR file; I'm afraid I don't have experience with it.

On workarounds, the only one would be to use the integrated server available with Play. If you run in Tomcat, Tomcat sets the rules so no HttpOnly for you. If you use the integrated Netty then you'll have that.
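
For readers who have to stay on a Servlet 2.5 container, the following is an added example (not code from the question, the answer, Play or Tomcat) of a servlet filter that writes the session cookie's Set-Cookie header by hand so that it carries the HttpOnly attribute. It assumes that the WAR deployment passes Play's cookies through HttpServletResponse.addCookie() and that the session cookie uses the default name PLAY_SESSION; the class name HttpOnlyCookieFilter and the cookieName init-param are hypothetical.

```java
import java.io.IOException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Locale;
import java.util.TimeZone;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical filter (not part of Play or Tomcat) for Servlet 2.5 containers.
public class HttpOnlyCookieFilter implements Filter {
    private String cookieName = "PLAY_SESSION"; // assumed default session cookie name

    public void init(FilterConfig cfg) {
        String n = cfg.getInitParameter("cookieName"); // hypothetical init-param
        if (n != null && n.length() > 0) cookieName = n;
    }

    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletResponse http = (HttpServletResponse) res;
        chain.doFilter(req, new HttpServletResponseWrapper(http) {
            @Override
            public void addCookie(Cookie c) {
                if (cookieName.equals(c.getName())) {
                    addHeader("Set-Cookie", toHeader(c)); // emit the header ourselves
                } else {
                    super.addCookie(c); // other cookies keep the container's behaviour
                }
            }
        });
    }

    // Serialises the cookie by hand because Servlet 2.5 has no Cookie.setHttpOnly().
    static String toHeader(Cookie c) {
        String value = c.getValue() == null ? "" : c.getValue();
        // Refuse anything that could break out of the header (CR/LF, ';', quotes).
        if (!value.matches("[\\x21-\\x7E&&[^;,\"\\\\]]*"))
            throw new IllegalArgumentException("cookie value is not header-safe");
        StringBuilder sb = new StringBuilder(c.getName()).append('=').append(value);
        if (c.getDomain() != null) sb.append("; Domain=").append(c.getDomain());
        if (c.getPath() != null) sb.append("; Path=").append(c.getPath());
        if (c.getMaxAge() >= 0) { // negative max-age means a browser-session cookie
            SimpleDateFormat f = new SimpleDateFormat("EEE, dd-MMM-yyyy HH:mm:ss 'GMT'", Locale.US);
            f.setTimeZone(TimeZone.getTimeZone("GMT"));
            long at = c.getMaxAge() == 0 ? 0L : System.currentTimeMillis() + c.getMaxAge() * 1000L;
            sb.append("; Max-Age=").append(c.getMaxAge()).append("; Expires=").append(f.format(new Date(at)));
        }
        if (c.getSecure()) sb.append("; Secure");
        return sb.append("; HttpOnly").toString();
    }
}
```

To use it, compile the class into the WAR and declare it in WEB-INF/web.xml with a filter-mapping for /*. Confirm the result by inspecting the Set-Cookie response header for the HttpOnly attribute.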
