Cookie设置HttpOnly，Secure，Expire属性

原文地址： https://blog.csdn.net/a19881029/article/details/27536917

Tomcat版本为6.0.39，JDK版本为1.6update45

在Web工程上增加一个Filter对Cookie进行处理

public class CookieFilter implements Filter {
	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain chain) throws IOException, ServletException {
		HttpServletRequest req = (HttpServletRequest) request;
	    HttpServletResponse resp = (HttpServletResponse) response;
 
	    Cookie[] cookies = req.getCookies();
 
	    if (cookies != null) {
	            Cookie cookie = cookies[0];
	            if (cookie != null) {
	            	/*cookie.setMaxAge(3600);
	            	cookie.setSecure(true);
	            	resp.addCookie(cookie);*/
	            	
	            	//Servlet 2.5不支持在Cookie上直接设置HttpOnly属性
	            	String value = cookie.getValue();
	            	StringBuilder builder = new StringBuilder();
	            	builder.append("JSESSIONID=" + value + "; ");
	            	builder.append("Secure; ");
	            	builder.append("HttpOnly; ");
	            	Calendar cal = Calendar.getInstance();
	            	cal.add(Calendar.HOUR, 1);
	            	Date date = cal.getTime();
	            	Locale locale = Locale.CHINA;
	            	SimpleDateFormat sdf = 
	            			new SimpleDateFormat("dd-MM-yyyy HH:mm:ss",locale);
	            	builder.append("Expires=" + sdf.format(date));
	            	resp.setHeader("Set-Cookie", builder.toString());
	            }
	    }
	    chain.doFilter(req, resp);
	}
 
	public void destroy() {
	}
 
	public void init(FilterConfig arg0) throws ServletException {
	}
}

web.xml:

    
    	cookieFilter
    	com.sean.CookieFilter
    
    
    
    	cookieFilter
    	/*
    

FireFox：

Chrome：

IE：