Tomcat 7 - JSESSIONID cookie is not accessible from JavaScript code

Submitted by 放肆的年华 on 2019-12-20 12:17:13

Question


Does anyone know what changed in the configuration between Tomcat 6 and Tomcat 7 that would cause the JSESSIONID cookie to not be accessible via JavaScript?

Using Tomcat 6:

alert(document.cookie); // JSESSIONID=8675309ABCDEF...

Using Tomcat 7:

alert(document.cookie); // nothing

Answer 1:


Okay, I found the answer. The useHttpOnly attribute was set to false by default in Tomcat 6, and is true in Tomcat 7. This attribute is set for the <Context> container.

<Context useHttpOnly="false" [...] />

For more information about updating from Tomcat 6 to 7: Migrating from 6.0.x to 7.0.x

I'm not sure why I didn't see that in the docs before, but I've verified that setting this to false does in fact cause Tomcat 7 to revert to the Tomcat 6 behavior.
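
An added example, not part of the original answer: a small audit that reports when a `<Context>` definition leaves the session cookie readable by `document.cookie`, and cross-checks a captured `Set-Cookie` header. The function names, the sample context fragments and the sample headers are constructed for illustration; the per-version defaults are the ones stated in the answer above.

```python
import xml.etree.ElementTree as ET

# Defaults as stated in the answer above: false in Tomcat 6, true in Tomcat 7.
DEFAULT_USE_HTTP_ONLY = {6: False, 7: True}

def effective_use_http_only(context_xml, tomcat_major):
    """Return (effective_value, explicitly_set) for the <Context> element."""
    root = ET.fromstring(context_xml)
    ctx = root if root.tag == "Context" else root.find(".//Context")
    if ctx is None:
        raise ValueError("no <Context> element found")
    raw = ctx.get("useHttpOnly")
    if raw is None:
        return DEFAULT_USE_HTTP_ONLY[tomcat_major], False
    return raw.strip().lower() == "true", True

def session_cookie_is_http_only(set_cookie_header, name="JSESSIONID"):
    """True/False for the named cookie's HttpOnly flag; None for other cookies."""
    parts = [p.strip() for p in set_cookie_header.split(";")]
    if not parts[0].startswith(name + "="):
        return None
    return any(p.lower() == "httponly" for p in parts[1:])

def audit(context_xml, tomcat_major, set_cookie_header):
    """Return findings; an empty list means scripts cannot read the session id."""
    findings = []
    effective, explicit = effective_use_http_only(context_xml, tomcat_major)
    if not effective:
        origin = 'explicit useHttpOnly="false"' if explicit else "Tomcat %d default" % tomcat_major
        findings.append("config: JSESSIONID readable via document.cookie (%s)" % origin)
    if session_cookie_is_http_only(set_cookie_header) is False:
        findings.append("response: JSESSIONID sent without HttpOnly")
    return findings

# Constructed samples (not taken from a real deployment).
LEGACY_CONTEXT = '<Context useHttpOnly="false" path="/app" />'
PLAIN_CONTEXT = '<Context path="/app" />'
COOKIE_WITH_FLAG = "JSESSIONID=8675309ABCDEF; Path=/app; HttpOnly"
COOKIE_NO_FLAG = "JSESSIONID=8675309ABCDEF; Path=/app"

if __name__ == "__main__":
    for ctx, ver, hdr in [(PLAIN_CONTEXT, 7, COOKIE_WITH_FLAG),
                          (LEGACY_CONTEXT, 7, COOKIE_NO_FLAG),
                          (PLAIN_CONTEXT, 6, COOKIE_NO_FLAG)]:
        print(ver, ctx, "->", audit(ctx, ver, hdr) or "ok")
```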



Source: https://stackoverflow.com/questions/8495327/tomcat-7-jsessionid-cookie-is-not-accessible-from-javascript-code
