stackoom
  简体   繁体   中英

How to set secure flag on cookie programatically

 原文  2016-02-02 21:07:37       java/ security/ servlets/ cookies/ servlet-3.0

Question

I know we can do something like this: 

<session-config>
 <cookie-config>
 <secure>true</secure>
 </cookie-config>
</session-config>

But what I want to achieve is to set this flag (true or false) based on some config.

Should we use a filter and how ?

Thanks

1 answers

solution1
 5 ACCPTED  2016-02-02 21:34:16

Assuming that you are in a servlet 3.0+ environment, and you don't want to use web.xml to specify the cookie-secure-flag but set it programmatically:

Implement a ServletContextListener and register it in the web.xml or via annotation.
In its contextInitialized method evaluate your secure flag from your config and set it on the SessionCookieConfig : 

public void contextInitialized(ServletContextEvent sce) {
     boolean secure = ...
     sce.getServletContext().getSessionCookieConfig().setSecure(secure);
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question adding httponly and secure flag for set cookie in java web application how to set cookies as secure flag in spring boot How to set httpOnly flag true for cookie in Java? How to set SameSite and Secure attribute to JSESSIONID cookie servlet set cookie secure? Cookie without the secure flag jboss 5.1 Add secure flag to JSESSIONID cookie in spring automatically How delete the JSESSIONID cookie from the browser with HttpOnly flag set How to set secure cookie in Java/Spring MVC on Heroku? Dynamic value for cookie secure flag at web.xml
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM