Wednesday, September 11, 2013

Add "HTTPOnly" and "Secure" attribute to Cookie for Liferay

Here is how to set each attribute:
---------------------------
Secure Attribute
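Write a servlet filter that overwrites the session cookie:

    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    private void rewriteCookieToHeader(HttpServletRequest request, HttpServletResponse response) {
        // Only act when the response already carries a Set-Cookie header.
        if (response.containsHeader("SET-COOKIE")) {
            String sessionid = request.getSession().getId();
            // getContextPath() returns "" for the root context; use "/" so Path is never empty.
            String contextPath = request.getContextPath();
            if (contextPath.isEmpty()) {
                contextPath = "/";
            }
            String secure = "";
            // Mark the cookie Secure only when the request arrived over HTTPS.
            if (request.isSecure()) {
                secure = "; Secure";
            }
            // setHeader overwrites the Set-Cookie value already on the response,
            // so a cookie set earlier in the same response is replaced by this one.
            response.setHeader("SET-COOKIE", "JSESSIONID=" + sessionid
                    + "; Path=" + contextPath + "; HttpOnly" + secure);
        }
    }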
------------------------

HTTPOnly Attribute

Go to the Tomcat conf/context.xml file, add

restart Tomcat.