stackoom
  简体   繁体   中英

servlet set cookie secure?

 原文  2011-01-02 13:14:25       java/ servlets/ session-cookies

Question

javax.servlet.http.Cookie implements java.lang.Cloneable

In Cookie method, there is a method call "setSecure" , what does it use for? if i setSecure(true), is there anything i need to do on my client(javascript) side to read the cookie? what is different set/without setSecure?

2 answers

solution1
 8 ACCPTED  2011-01-02 13:19:34

All that setSecure(true) does is tell the browser that the cookie should only be sent back to the server if using a "secure" protocol, like https . Your JavaScript code doesn't have to do anything different.

solution2
 1  2016-11-30 15:15:01

Yup this ensures that your session cookie is not visible to an attacker like man-in-the-middle attack. Instead of setting it manually You could alternatively configure your web.xml to handle it for you automatically . 

<session-config>
   <cookie-config>
      <secure>true</secure>
   </cookie-config>
</session-config>

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to set SameSite and Secure attribute to JSESSIONID cookie How to set secure flag on cookie programatically How to set secure cookie in Java/Spring MVC on Heroku? set session cookie secure and httpOnly for LFR_SESSION_STATE_% adding httponly and secure flag for set cookie in java web application How to add multiple “Set-Cookie” header in servlet response? From a servlet, how do I set a Cookie that never expires? Set HTTP Servlet Cookie from web service client Secure doGet parameter in Servlet Cookie handling with Servlet
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM