Here are the ways
---------------------------
Secure Attribute
Writing a servlet filter to overwrite the session cookie:
private void rewriteCookieToHeader(HttpServletRequest request, HttpServletResponse response) {
if (response.containsHeader("SET-COOKIE")) {
String sessionid = request.getSession().getId();
String contextPath = request.getContextPath();
String secure = "";
if (request.isSecure()) {
secure = "; Secure";
}
response.setHeader("SET-COOKIE", "JSESSIONID=" + sessionid
+ "; Path=" + contextPath + "; HttpOnly" + secure);
}
}
------------------------
HTTPOnly Attribute
Go to Tomcat conf/context.xml file ,add
restart tomcat.
---------------------------
Secure Attribute
Writing a servlet filter to overwrite the session cookie:
private void rewriteCookieToHeader(HttpServletRequest request, HttpServletResponse response) {
if (response.containsHeader("SET-COOKIE")) {
String sessionid = request.getSession().getId();
String contextPath = request.getContextPath();
String secure = "";
if (request.isSecure()) {
secure = "; Secure";
}
response.setHeader("SET-COOKIE", "JSESSIONID=" + sessionid
+ "; Path=" + contextPath + "; HttpOnly" + secure);
}
}
------------------------
HTTPOnly Attribute
Go to Tomcat conf/context.xml file ,add
restart tomcat.
No comments:
Post a Comment