javax.servlet.http.Cookie implements java.lang.Cloneable
In Cookie method, there is a method call "setSecure" , what does it use for? if i setSecure(true), is there anything i need to do on my client(javascript) side to read the cookie? what is different set/without setSecure?
All that setSecure(true)
does is tell the browser that the cookie should only be sent back to the server if using a "secure" protocol, like https
. Your JavaScript code doesn't have to do anything different.
Yup this ensures that your session cookie is not visible to an attacker like man-in-the-middle attack. Instead of setting it manually You could alternatively configure your web.xml to handle it for you automatically .
<session-config>
<cookie-config>
<secure>true</secure>
</cookie-config>
</session-config>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.