stackoom
  简体   繁体   中英

How delete the JSESSIONID cookie from the browser with HttpOnly flag set

 原文  2016-09-29 08:29:39       java/ session-cookies/ tomcat8/ jsessionid

Question

Apologies if I sound bad.

I have a xyz.war that does some authentication and sets a cookie(with HttpOnly set so I can not expire it via javascript) so that when the user logs-in for the next time the session is maintained. Now, given that I have the access to the Tomcat that is hosting the xyz.war how can I write a Java program that could expire/delete the cookie? I can create a .war of the java project and host it in the same Tomcat and access it from client side via a api.

1 answers

solution1
 2 ACCPTED  2016-09-29 08:33:51

You would have invalidate the session in xyz application. Removing (thus beeing able to midify) cookie by third parties would be a security hole.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to set httpOnly flag true for cookie in Java? JSESSIONID is set for both HttpOnly and Secure Setting httponly in JSESSIONID cookie (Java EE 5) Struts 2 and making JSESSIONID cookie HttpOnly on Tomcat 6, Java 6 adding httponly and secure flag for set cookie in java web application How do I delete a HttpOnly Cookie on the client? JSESSIONID cookie is not stored in browser How to delete an HttpOnly server-side session cookie when closing a browser window Save Cookie (Including !httponly flag) And Session From HttpURLConnection How to set SameSite and Secure attribute to JSESSIONID cookie
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM