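Setting an HttpOnly cookie in Java
An HttpOnly cookie is a cookie security mechanism.
In browsers that support HttpOnly cookies (IE6, FF3.0), if the "httponly" attribute is set on a cookie, JavaScript cannot read the cookie's contents. This is an effective defense against XSS attacks and makes the web application more secure.
However, the Cookie class in J2EE4 and J2EE5 provides no method for setting the HttpOnly attribute, so if you need it you have to write the Set-Cookie header yourself.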
    import javax.servlet.http.Cookie;
    import javax.servlet.http.HttpServletResponse;

    /**
     * Cookie tools
     */
    public class CookieUtil {

        /**
         * Add a cookie, optionally with the HttpOnly attribute
         * @param response HTTP response
         * @param cookie cookie object
         * @param isHttpOnly whether to set HttpOnly
         */
        public static void addCookie(HttpServletResponse response, Cookie cookie, boolean isHttpOnly) {
            String name = cookie.getName(); // cookie name
            String value = cookie.getValue(); // cookie value
            int maxAge = cookie.getMaxAge(); // lifetime in seconds (0 deletes the cookie, a negative value means it lasts for the browser session)
            String path = cookie.getPath(); // path
            String domain = cookie.getDomain(); // domain
            boolean isSecure = cookie.getSecure(); // whether the cookie is sent only over a secure protocol (HTTPS)

            StringBuilder buffer = new StringBuilder();

            buffer.append(name).append("=").append(value).append(";");

            if (maxAge == 0) {
                // Delete the cookie: expiry date in the past, in HTTP date format
                buffer.append("Expires=Thu, 01 Jan 1970 00:00:00 GMT;");
            } else if (maxAge > 0) {
                buffer.append("Max-Age=").append(maxAge).append(";");
            }

            if (domain != null) {
                buffer.append("domain=").append(domain).append(";");
            }

            if (path != null) {
                buffer.append("path=").append(path).append(";");
            }

            if (isSecure) {
                buffer.append("secure;");
            }

            if (isHttpOnly) {
                buffer.append("HttpOnly;");
            }

            // Write the header directly, because Cookie has no HttpOnly setter here
            response.addHeader("Set-Cookie", buffer.toString());
        }

    }
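It is worth noting that the Cookie class in Java EE 6.0 already supports HttpOnly, so on a Java EE 6.0 compatible container (for example Tomcat 7) you can set it with cookie.setHttpOnly:
    cookie.setHttpOnly(true);
The setHttpOnly(boolean httpOnly) method of the Java HttpCookie class indicates whether the cookie should be considered HttpOnly. If it is set to true, the cookie cannot be accessed by scripting engines such as JavaScript.
Syntax
    public void setHttpOnly(boolean httpOnly)
Parameters
The method takes a single parameter:
- httpOnly - true if the cookie is HTTP only, which means it is visible as part of an HTTP request.
Returns
Not applicable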
Example 1
    import java.net.HttpCookie;

    public class JavaHttpCookieSetHttpOnlyExample1 {
        public static void main(String[] args) {
            HttpCookie cookie = new HttpCookie("Student", "1");
            // Indicate whether the cookie can be considered as HTTP Only or not.
            cookie.setHttpOnly(true);
            // Return true if the cookie is considered as HTTPOnly.
            System.out.println("Check whether the cookie is HTTPOnly: " + cookie.isHttpOnly());
        }
    }
Output:
    Check whether the cookie is HTTPOnly: true
Example 2
    import java.net.HttpCookie;

    public class JavaHttpCookieSetHttpOnlyExample2 {
        public static void main(String[] args) {
            HttpCookie cookie = new HttpCookie("Student", "1");
            // Indicate whether the cookie can be considered as HTTP Only or not.
            cookie.setHttpOnly(false);
            // Return false if the cookie is not considered as HTTPOnly.
            System.out.println("Check whether the cookie is HTTPOnly: " + cookie.isHttpOnly());
        }
    }
Output:
    Check whether the cookie is HTTPOnly: false
Example 3
    import java.net.HttpCookie;

    public class JavaHttpCookieSetHttpOnlyExample3 {
        public static void main(String[] args) {
            HttpCookie cookie1 = new HttpCookie("Student1", "1");
            HttpCookie cookie2 = new HttpCookie("Student2", "2");
            // Indicate whether the cookie can be considered as HTTP Only or not.
            cookie1.setHttpOnly(true);
            cookie2.setHttpOnly(false);
            System.out.println("Check whether the first cookie is HTTPOnly:" + cookie1.isHttpOnly());
            System.out.println("Check whether the second cookie is HTTPOnly:" + cookie2.isHttpOnly());
        }
    }
Output:
    Check whether the first cookie is HTTPOnly:true
    Check whether the second cookie is HTTPOnly:false
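The following is an added example, not code from the original article: it builds the same kind of Set-Cookie value as CookieUtil.addCookie using only the JDK, rejects control characters and separators in the name, value and path so that untrusted input cannot add attributes or header lines, and then parses the result with java.net.HttpCookie to confirm that the HttpOnly and Secure flags are present. The class name SetCookieHeaderCheck, the helpers requireSafe and buildSetCookie, and the sample values are assumptions made for illustration; the Domain attribute is left out to keep the example short.

```java
import java.net.HttpCookie;
import java.util.List;

public class SetCookieHeaderCheck {

    // Hypothetical helper: reject characters that would end the attribute or the
    // header line early (control characters, space, ';' and ','). Stricter than required.
    static String requireSafe(String field, String s) {
        for (char c : s.toCharArray()) {
            if (c <= 0x20 || c == 0x7f || c == ';' || c == ',') {
                throw new IllegalArgumentException("illegal character in cookie " + field);
            }
        }
        return s;
    }

    // Hypothetical helper: same layout as CookieUtil.addCookie, but returns the
    // header value instead of writing it to a servlet response.
    static String buildSetCookie(String name, String value, int maxAge,
                                 String path, boolean secure, boolean httpOnly) {
        StringBuilder sb = new StringBuilder();
        sb.append(requireSafe("name", name)).append('=').append(requireSafe("value", value));
        if (maxAge >= 0) sb.append("; Max-Age=").append(maxAge);
        if (path != null) sb.append("; Path=").append(requireSafe("path", path));
        if (secure) sb.append("; Secure");
        if (httpOnly) sb.append("; HttpOnly");
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample values.
        String header = buildSetCookie("SESSIONID", "abc123", 1800, "/", true, true);
        System.out.println("Set-Cookie: " + header);

        // Parse the header back the way a client would and confirm the flags survived.
        List<HttpCookie> parsed = HttpCookie.parse("Set-Cookie: " + header);
        HttpCookie c = parsed.get(0);
        System.out.println("HttpOnly=" + c.isHttpOnly() + " Secure=" + c.getSecure()
                + " Max-Age=" + c.getMaxAge());

        // A value carrying CR/LF would otherwise start a new header line.
        try {
            buildSetCookie("SESSIONID", "abc\r\nSet-Cookie: injected=1", -1, "/", true, true);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The same parse-and-check step can be used in a unit test for any code path that writes Set-Cookie by hand, so a missing HttpOnly or Secure flag is caught before deployment.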