  • Setting the HttpOnly, Secure and Expires attributes on a Cookie

    When you create a Web project in Eclipse there is a "Dynamic web module version" option. First, an explanation of what this option means:

    http://stackoverflow.com/questions/3985916/dynamic-web-module-option-in-eclipse

    That version correlates with Servlet API version. Servlet 3.0 (released in December 2009 as part of Java EE 6) runs on Servlet 3.0 containers only (Tomcat 7, Glassfish 3, JBoss AS 6, etc). Servlet 2.5 (released on 11 May 2006 as part of Java EE 5) runs on Servlet 2.5 containers only or newer (Tomcat 6, Glassfish 2, JBoss AS 5, etc). Servlet 2.4 (released in November 2003 as part of J2EE 1.4) runs on Servlet 2.4 containers only or newer, etcetera.

    You just need to pick the right API version whatever you want to implement your webapp in. Or if you don't have the freedom in picking the servlet container used, then pick the API which suits the servlet container version the best.

    As to why the JDK defaults to one or other, it's just the minimum JDK requirement of the Servlet API version in question. Often, when you're picking an older Servlet API, in reality the JRE/JDK used is also that old.

    The Tomcat version used here is 6.0.39 and the JDK version is 1.6 update 45.

    Add a Filter to the Web project to process the Cookie:

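    import java.io.IOException;
    import java.text.SimpleDateFormat;
    import java.util.Calendar;
    import java.util.Date;
    import java.util.Locale;
    import java.util.TimeZone;

    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.Cookie;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    public class CookieFilter implements Filter {
        public void doFilter(ServletRequest request, ServletResponse response,
                FilterChain chain) throws IOException, ServletException {
            HttpServletRequest req = (HttpServletRequest) request;
            HttpServletResponse resp = (HttpServletResponse) response;

            Cookie[] cookies = req.getCookies();

            if (cookies != null) {
                for (Cookie cookie : cookies) {
                    // Re-issue only the session cookie, not whichever cookie happens to come first
                    if (!"JSESSIONID".equals(cookie.getName())) {
                        continue;
                    }
                    /*cookie.setMaxAge(3600);
                    cookie.setSecure(true);
                    resp.addCookie(cookie);*/

                    // Servlet 2.5 does not support setting the HttpOnly attribute directly on a Cookie
                    String value = cookie.getValue();
                    StringBuilder builder = new StringBuilder();
                    builder.append("JSESSIONID=" + value + "; ");
                    builder.append("Secure; ");
                    builder.append("HttpOnly; ");
                    Calendar cal = Calendar.getInstance();
                    cal.add(Calendar.HOUR, 1);
                    Date date = cal.getTime();
                    // Expires must be an HTTP-date: English day/month names, expressed in GMT
                    SimpleDateFormat sdf =
                            new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss 'GMT'", Locale.US);
                    sdf.setTimeZone(TimeZone.getTimeZone("GMT"));
                    builder.append("Expires=" + sdf.format(date));
                    // setHeader replaces any Set-Cookie header already on the response
                    resp.setHeader("Set-Cookie", builder.toString());
                    break;
                }
            }
            chain.doFilter(req, resp);
        }

        public void destroy() {
        }

        public void init(FilterConfig arg0) throws ServletException {
        }
    }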

    web.xml:

    <filter>
        <filter-name>cookieFilter</filter-name>
        <filter-class>com.sean.CookieFilter</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>cookieFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
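
The filter above re-issues only the session cookie. As an added example (not part of the original post), the following Servlet 2.5 response wrapper goes one step further and appends Secure and HttpOnly to every cookie the application sets through addCookie(); the class name HardenedCookieResponse and the helper toHeader are hypothetical.

```java
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Locale;
import java.util.TimeZone;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;

/** Hypothetical helper (not from the original post): hardens every cookie passed to addCookie(). */
public class HardenedCookieResponse extends HttpServletResponseWrapper {

    public HardenedCookieResponse(HttpServletResponse response) {
        super(response);
    }

    @Override
    public void addCookie(Cookie cookie) {
        // addHeader, unlike setHeader, keeps Set-Cookie headers that are already present
        addHeader("Set-Cookie", toHeader(cookie, System.currentTimeMillis()));
    }

    /** Serialises a version-0 cookie, always appending Secure and HttpOnly. */
    static String toHeader(Cookie c, long nowMillis) {
        String name = c.getName();
        String value = c.getValue() == null ? "" : c.getValue();
        // Reject characters that would end the value or start a new header line
        if (!value.matches("[\\x21\\x23-\\x2B\\x2D-\\x3A\\x3C-\\x5B\\x5D-\\x7E]*")) {
            throw new IllegalArgumentException("illegal character in cookie " + name);
        }
        StringBuilder sb = new StringBuilder(name).append('=').append(value);
        if (c.getPath() != null) {
            sb.append("; Path=").append(c.getPath());
        }
        if (c.getDomain() != null) {
            sb.append("; Domain=").append(c.getDomain());
        }
        if (c.getMaxAge() >= 0) {
            // Max-Age for current browsers, Expires (HTTP-date, GMT) for those that ignore Max-Age
            SimpleDateFormat fmt =
                    new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss 'GMT'", Locale.US);
            fmt.setTimeZone(TimeZone.getTimeZone("GMT"));
            // Max-Age=0 means "delete": use the epoch so the date is safely in the past
            long expires = c.getMaxAge() == 0 ? 0L : nowMillis + c.getMaxAge() * 1000L;
            sb.append("; Max-Age=").append(c.getMaxAge());
            sb.append("; Expires=").append(fmt.format(new Date(expires)));
        }
        return sb.append("; Secure; HttpOnly").toString();
    }
}
```

To use it, pass `new HardenedCookieResponse(resp)` instead of `resp` to `chain.doFilter` in the filter. Cookies marked Secure are only sent back over HTTPS, so the application must be served over HTTPS for them to work.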

    [Screenshots: Firefox, Chrome, IE]

    Copyright notice: this is an original article by the blog author and may not be reproduced without the author's permission.

  • Original article: https://www.cnblogs.com/xuehen/p/4837469.html