I am confused about a couple things regarding cookies.
Why do I need to use/customize the javax.servlet.http.Cookie class in order to implement a Remember me feature?
In my web.xml couldn't I just use:
<session-config>
  <session-timeout>10080</session-timeout>
</session-config>
Isn't it a security issue having cookies on a computer? Couldn't a cracker steal another user's cookie and hijack their session?
You don't - you just need to create an HTTP session. Tomcat will either create a cookie or use a jsessionid URL parameter to maintain your session - this is part of the Java EE servlet specification. If you use a JSP then they automatically create HTTP sessions. Various other things can cause sessions to be created also.
Yes, this is called session hijacking.
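As an added example (not part of the original question or answer), here is the session-config from the question next to a variant that restricts how the session ID is carried. It assumes a Servlet 3.0+ container (for example Tomcat 7 or later) and a site served only over HTTPS. A real web.xml holds only one of the two session-config elements.

```xml
<!-- As posted in the question: only the timeout is set.
     10080 minutes is 7 days, so a stolen session ID stays usable for
     up to a week of inactivity, and the container may still fall back
     to a jsessionid URL parameter. -->
<session-config>
  <session-timeout>10080</session-timeout>
</session-config>

<!-- Hardened variant (assumes Servlet 3.0+ and HTTPS everywhere). -->
<session-config>
  <!-- Idle timeout in minutes; 30 is an illustrative value, not one
       taken from the page. -->
  <session-timeout>30</session-timeout>
  <cookie-config>
    <!-- Hide the session cookie from page scripts (document.cookie). -->
    <http-only>true</http-only>
    <!-- Send the session cookie only over TLS connections. -->
    <secure>true</secure>
  </cookie-config>
  <!-- Track sessions by cookie only, so the ID is never written into
       URLs, where it can end up in logs, history and Referer headers. -->
  <tracking-mode>COOKIE</tracking-mode>
</session-config>
```

These settings limit where a session ID can be read or leaked; they do not make a week-long container session equivalent to a separate Remember me mechanism.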