cookie 设置 httpOnly属性

发布时间：2020-03-31 15:39:11 阅读：1415 作者：101ttyy 栏目：开发技术

开发者测试专用服务器限时活动，0元免费领，库存有限，领完即止！点击查看>>

cookie 设置 httpOnly属性防止js读取cookie.

建立filter拦截器类

CookieHttpOnlyFilter

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
/**
 * 
* <P>CookieにHTTPOnly属性を設定インターセプタークラス.</P>
*
* @author hnnc
* @author $Author$
* @version $Id$
 */
public class CookieHttpOnlyFilter implements Filter {
    /** {@inheritDoc} **/
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        if (!(request instanceof HttpServletRequest)) {
            chain.doFilter(request, response);
            return;
        }
        HttpServletRequest httpReq = (HttpServletRequest) request;
        HttpServletResponse httpResp = (HttpServletResponse) response;
        Cookie[] cookies = httpReq.getCookies();
        if (cookies != null) {
            Cookie cookie = cookies[0];
            if (cookie != null) {
                HttpSession session = httpReq.getSession();
                if (session != null) {
                    String sessionId = session.getId();
                    // httpの设置
                    httpResp.addHeader("Set-Cookie", "JSESSIONID=" + sessionId
                            + "; Path=/admin; HttpOnly");
                    // httpsの设置
//                    httpResp.addHeader("Set-Cookie", "JSESSIONID=" + sessionId
//                            + "; Path=/admin;Secure; HttpOnly");
                }
            }
        }
        chain.doFilter(httpReq, httpResp);
        
        
    }
    /** {@inheritDoc} **/
    public void destroy() {
    }
    /** {@inheritDoc} **/
    public void init(FilterConfig filterConfig) throws ServletException {
    }
}

web.xml中配置拦截器

<filter>
   <filter-name>CookieHttpOnly</filter-name>
   <filter-class>jp.co.univ.www.admin.filter.CookieHttpOnlyFilter</filter-class>
   </filter>
<filter-mapping>
   <filter-name>CookieHttpOnly</filter-name>
   <url-pattern>/*</url-pattern>
   </filter-mapping>

cookie 设置 httpOnly属性

参考：

http://conkeyn.iteye.com/blog/2025484

http://blog.csdn.net/a19881029/article/details/27536917

亿速云「云服务器」，即开即用、新一代英特尔至强铂金CPU、三副本存储NVMe SSD云盘，价格低至29元/月。点击查看>>

向AI问一下细节

cookie 设置 httpOnly属性

猜你喜欢

最新资讯

相关推荐

开发者交流群：

相关标签