
How do Tomcat's Cookies work?

I am confused about a couple things regarding cookies.

  1. Why do I need to use/customize the javax.servlet.http.Cookie class in order to implement a Remember me feature?

     In my web.xml couldn't I just use:

         <session-config>
             <session-timeout>10080</session-timeout>
         </session-config>

  2. Isn't it a security issue having cookies on a computer? Couldn't a cracker steal another user's cookie and hijack their session?

  1. You don't - you just need to create an HTTP session. Tomcat will either create a cookie or use a jsessionid URL parameter to maintain your session - this is part of the Java EE servlet specification. If you use a JSP then they automatically create HTTP sessions. Various other things can cause sessions to be created also.

  2. Yes, this is called session hijacking.
