Setting httponly in JSESSIONID cookie (Java EE 5)

长情又很酷 2020-12-30 07:10

I'm trying to set the httponly flag on the JSESSIONID cookie. I'm working in Java EE 5, however, and can't use setHttpOnly(). First I tried to create my ow

2 answers
  •  伪装坚强ぢ
    2020-12-30 07:57

    Since the JSESSIONID cookie is managed by the servletcontainer, this setting is servletcontainer specific. It's unclear which one you're using, so here's an Apache Tomcat 6.0 targeted answer so that you know in which direction you'll have to look for your servletcontainer: you need to set the useHttpOnly attribute of the webapplication's <Context> element to true.

    <Context useHttpOnly="true">
        ...
    </Context>

    Also see this Tomcat documentation about the <Context> element.
