
httponly and secure flags in java application servlet 3

I'm trying to set up an application with httponly and secure flags set to true, but as soon as I edit my web.xml file by adding the requested cookie-config tag as follows:

<cookie-config>
    <http-only>true</http-only>
    <secure>true</secure>
</cookie-config>

I get a ViewExpiredException at the first command link submitted.

The complete session-config tag in my web.xml file is

<session-config>
    <session-timeout>5</session-timeout>
    <cookie-config>
        <secure>true</secure>
        <http-only>true</http-only>
    </cookie-config>
    <tracking-mode>COOKIE</tracking-mode>
</session-config>

I've been trying to understand what the error could be but can't find anything.

My managed bean is annotated as @SessionScoped while the command link is calling a method in the bean through ajax.

Secure on cookie means that the cookie will only be set for HTTPS connections.

If you access your app through http, the cookie will not be transmitted and there will be no session (and so no session- or view-scoped beans or the view state at all).

You can switch your state-saving to client-side, but what you actually want is using HTTPS.
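
One way to make sure the application is only ever reached over HTTPS, so that the Secure session cookie is always sent back, is a transport guarantee in the same web.xml. This is an added example, not part of the original question or answer; it assumes the container already has an HTTPS connector configured, and the web-resource-name value is an arbitrary label.

```xml
<!-- Added example: goes inside <web-app> of a Servlet 3.0 web.xml -->

<!-- Session cookie is HttpOnly and Secure, as in the question -->
<session-config>
    <session-timeout>5</session-timeout>
    <cookie-config>
        <http-only>true</http-only>
        <secure>true</secure>
    </cookie-config>
    <tracking-mode>COOKIE</tracking-mode>
</session-config>

<!-- Require a confidential transport for every URL. Containers typically
     answer a plain-HTTP request with a redirect to the HTTPS port, so the
     browser never ends up on a page where the Secure cookie is withheld. -->
<security-constraint>
    <web-resource-collection>
        <!-- Arbitrary label (assumption, not from the original post) -->
        <web-resource-name>Entire application</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
```

With this in place, a request that arrives over plain HTTP is moved to HTTPS before any JSF view is rendered, so the session created for the view and the one seen by the ajax postback are the same.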
