开发者

HttpOnly cookies on google app engine java

Anyone know how I can use httponly cookies for sessions and cookies on the app engine?

In the javadoc for the Cookie class, http://java.sun.com/javaee/6/docs/api/javax/servlet/http/Cookie.html#setHttpOnly(b开发者_Go百科oolean) , there is a setHttpOnly method.

I get a compiler error when trying to use it when developing for app engine though.

The method was introduced in the Servlet 3.0 spec, so its pretty new.


App Engine supports the Servlet API at version 2.5, so you cannot use the setHttpOnly method.

You could try to output the cookie header yourself.

resp.setHeader("Set-Cookie", "A=7; expires=Fri, 31-Dec-2010 23:59:59 GMT; path=/; domain=.example.net; HttpOnly");


Since 2017 GAE does support servlet API 3.1 So I've tested the following cookie option inside web.xml and it works:

<session-config>
  <cookie-config>
    <http-only>true</http-only>
  </cookie-config>
</session-config>
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜