Cookie HttpOnly Secure

1. Change the configuration in context.xml
<Context cookies="true" crossContext="true">
   <SessionCookie secure="true" httpOnly="true" />
   <!-- Session persistence is disabled by default. To enable for all web
   apps set the pathname to a non-empty value:
   <Manager pathname="SESSIONS.ser" />

   To enable session persistence for a single web app, add a
   WEB-INF/context.xml
   -->
   <Manager pathname="" />

   <!-- Install an InstanceListener to handle the establishment of the run-as
   role for servlet init/destroy events.
   -->
   <InstanceListener>org.jboss.web.tomcat.security.RunAsListener</InstanceListener>

</Context>

2. Use the response to write the cookies back
Cookie[] cookies = ((HttpServletRequest) request).getCookies();
if (cookies != null) {                       // getCookies() returns null when the request carries no cookies
    for (Cookie cookie : cookies) {
        // Re-issue the current session id for JSESSIONID (session obtained earlier via getSession()),
        // pass every other cookie through unchanged.
        String value = cookie.getName().equalsIgnoreCase("JSESSIONID") ? session.getId() : cookie.getValue();
        // addHeader, not setHeader: setHeader would overwrite the previous Set-Cookie on every iteration,
        // so only the last cookie would reach the browser. Secure has to be written into the header
        // string; calling setSecure() on the request's Cookie object never reaches the response.
        ((HttpServletResponse) response).addHeader("Set-Cookie",
                String.format("%s=%s; Path=/storename; HttpOnly; Secure", cookie.getName(), value));
    }
}

Or

HttpSession session = ((HttpServletRequest) request).getSession(false);
if (session != null && Utility.isValidString(session.getId())) {   // Utility and Log are the project's own helpers
    String sessionid = session.getId();
    Log.info(this, "session create time: " + session.getCreationTime());
    // No Path attribute: the browser scopes the cookie to the request's directory, which may not match
    // the container's own JSESSIONID path and can leave the browser holding two JSESSIONID cookies.
    ((HttpServletResponse) response).setHeader("Set-Cookie", "JSESSIONID=" + sessionid + "; HttpOnly");
}

Or

HttpSession session = ((HttpServletRequest) request).getSession(false);
if (session != null && Utility.isValidString(session.getId())) {
    String sessionid = session.getId();
    Log.info(this, "session create time: " + session.getCreationTime());
    // Secure is a flag attribute, not a key=value pair: write "Secure", not "secure=true".
    ((HttpServletResponse) response).setHeader("Set-Cookie",
            "JSESSIONID=" + sessionid + "; HttpOnly; Path=/storename; Secure");
}
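The snippets above hard-code the cookie name and path and, with setHeader, can clobber other cookies. As an added example (not from the post or from JBoss), the same idea as a servlet Filter: it wraps the response so every Set-Cookie header the application writes gets HttpOnly, and Secure only when the request itself arrived over TLS. The class name CookieFlagsFilter and the harden() helper are hypothetical; the javax.servlet API calls are standard.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;

/**
 * Hypothetical filter (added example, not project code): every Set-Cookie header written
 * through the wrapped response leaves with HttpOnly, and with Secure when the request was TLS.
 */
public class CookieFlagsFilter implements Filter {

    /** Returns the Set-Cookie value with HttpOnly / Secure appended only where they are missing. */
    static String harden(String setCookie, boolean tlsRequest) {
        boolean hasHttpOnly = false;
        boolean hasSecure = false;
        String[] parts = setCookie.split(";");
        for (int i = 1; i < parts.length; i++) {      // parts[0] is name=value, the rest are attributes
            String attr = parts[i].trim().toLowerCase();
            if (attr.equals("httponly")) hasHttpOnly = true;
            if (attr.equals("secure") || attr.startsWith("secure=")) hasSecure = true;  // tolerate "secure=true"
        }
        StringBuilder out = new StringBuilder(setCookie.trim());
        if (!hasHttpOnly) out.append("; HttpOnly");
        if (tlsRequest && !hasSecure) out.append("; Secure");  // Secure on plain HTTP would make the cookie unusable
        return out.toString();
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        final boolean tls = req.isSecure();
        HttpServletResponseWrapper wrapped = new HttpServletResponseWrapper((HttpServletResponse) res) {
            @Override public void setHeader(String name, String value) {
                super.setHeader(name, "Set-Cookie".equalsIgnoreCase(name) ? harden(value, tls) : value);
            }
            @Override public void addHeader(String name, String value) {
                super.addHeader(name, "Set-Cookie".equalsIgnoreCase(name) ? harden(value, tls) : value);
            }
        };
        chain.doFilter(req, wrapped);
    }

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}
}
```

Register it in web.xml ahead of the application's other filters. Cookies the container emits on its own (the JSESSIONID created by getSession(), or anything sent via addCookie()) do not pass through this wrapper, which is why the context.xml setting in step 1 is still needed.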

References:
https://community.jboss.org/thread/165079
http://www.iteye.com/problems/80699
