欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页

Cookie设置HttpOnly,Secure,Expire属性

程序员文章站 2022-07-05 23:14:43
...

原文地址: https://blog.csdn.net/a19881029/article/details/27536917

Tomcat版本为6.0.39,JDK版本为1.6update45

在Web工程上增加一个Filter对Cookie进行处理

public class CookieFilter implements Filter {
	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain chain) throws IOException, ServletException {
		HttpServletRequest req = (HttpServletRequest) request;
	    HttpServletResponse resp = (HttpServletResponse) response;
 
	    Cookie[] cookies = req.getCookies();
 
	    if (cookies != null) {
	            Cookie cookie = cookies[0];
	            if (cookie != null) {
	            	/*cookie.setMaxAge(3600);
	            	cookie.setSecure(true);
	            	resp.addCookie(cookie);*/
	            	
	            	//Servlet 2.5不支持在Cookie上直接设置HttpOnly属性
	            	String value = cookie.getValue();
	            	StringBuilder builder = new StringBuilder();
	            	builder.append("JSESSIONID=" + value + "; ");
	            	builder.append("Secure; ");
	            	builder.append("HttpOnly; ");
	            	Calendar cal = Calendar.getInstance();
	            	cal.add(Calendar.HOUR, 1);
	            	Date date = cal.getTime();
	            	Locale locale = Locale.CHINA;
	            	SimpleDateFormat sdf = 
	            			new SimpleDateFormat("dd-MM-yyyy HH:mm:ss",locale);
	            	builder.append("Expires=" + sdf.format(date));
	            	resp.setHeader("Set-Cookie", builder.toString());
	            }
	    }
	    chain.doFilter(req, resp);
	}
 
	public void destroy() {
	}
 
	public void init(FilterConfig arg0) throws ServletException {
	}
}

web.xml:

    <filter>
    	<filter-name>cookieFilter</filter-name>
    	<filter-class>com.sean.CookieFilter</filter-class>
    </filter>
    
    <filter-mapping>
    	<filter-name>cookieFilter</filter-name>
    	<url-pattern>/*</url-pattern>
    </filter-mapping>

FireFox:

Cookie设置HttpOnly,Secure,Expire属性Cookie设置HttpOnly,Secure,Expire属性

Chrome:

Cookie设置HttpOnly,Secure,Expire属性

IE:

Cookie设置HttpOnly,Secure,Expire属性