How to set HttpOnly Cookie in Java?-javaTutorial-php.cn

Home

Java

javaTutorial

How to set HttpOnly Cookie in Java?

PHPz

Apr 22, 2023 pm 06:37 PM

javacookiehttponly

Httponly cookie is a cookie security solution.

In browsers that support httponly cookies (IE6, FF3.0), if the "httponly" attribute is set in the cookie, the JavaScript script will not be able to read the cookie information, which can effectively prevent XSS attacks and allow the website to The application is more secure.

But J2EE4 and J2EE5 cookies do not provide a method to set the httponly attribute, so if you need to set the httponly attribute, you need to handle it yourself.

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;
 
/**
 * Cookie Tools
 */
public class CookieUtil {
 
    /**
           * Set httponly cookie
     * @param  Response HTTP response
     * @param  Cookie cookie object
     * @param  Ishttponly is httponly
     */
    public static void addCookie(HttpServletResponse response, Cookie cookie, boolean isHttpOnly) {
        String name = cookie.getName();//Cookie name
        String value = cookie.getValue();//Cookie value
        int maxAge = cookie.getMaxAge();//Maximum survival time (milliseconds, 0 representative deletion, -1 represents the same as the browser session)
        String path = cookie.getPath();//path
        String domain = cookie.getDomain();//area
        boolean isSecure = cookie.getSecure();//Is there a security protocol? 
 
        StringBuilder buffer = new StringBuilder();
 
        buffer.append(name).append("=").append(value).append(";");
 
        if (maxAge == 0) {
            buffer.append("Expires=Thu Jan 01 08:00:00 CST 1970;");
        } else if (maxAge > 0) {
            buffer.append("Max-Age=").append(maxAge).append(";");
        }
 
        if (domain != null) {
            buffer.append("domain=").append(domain).append(";");
        }
 
        if (path != null) {
            buffer.append("path=").append(path).append(";");
        }
 
        if (isSecure) {
            buffer.append("secure;");
        }
 
        if (isHttpOnly) {
            buffer.append("HTTPOnly;");
        }
 
        response.addHeader("Set-Cookie", buffer.toString());
    }
 
}

It is worth mentioning that the cookie in Java Ee 6.0 has set httponly, so if it is compatible with a Java EE 6.0 compatible container (such as Tomcat 7), you can use cookie.sethttponly to set HTTPONLY:

cookie.setHttpOnly(true);

The setHttpOnly(Boolean httpOnly) method of the Java HttpCookie class is used to indicate whether the cookie can be considered HTTPOnly. If set to true, the cookie cannot be accessed by scripting engines such as JavaScript.

Syntax

public void setHttpOnly(boolean httpOnly)

Scope

The above method requires only one parameter:

httpOnly - true if the cookie is HTTP only, which means it Visible as part of the HTTP request.

Return

Not applicable

Example 1

import java.net.HttpCookie;  
public class JavaHttpCookieSetHttpOnlyExample1 {  
  public static void main(String[] args) {  
    HttpCookie  cookie = new HttpCookie("Student", "1");  
    // Indicate whether the cookie can be considered as HTTP Only or not.  
        cookie.setHttpOnly(true);  
    // Return true if the cookie is considered as HTTPOnly.  
System.out.println("Check whether the cookie is HTTPOnly: "+cookie.isHttpOnly());  
     }  
 }

Output:

Check whether the cookie is HTTPOnly: true

Example 2

import java.net.HttpCookie;  
public class JavaHttpCookieSetHttpOnlyExample2 {  
    public static void main(String[] args) {  
        HttpCookie  cookie = new HttpCookie("Student", "1");  
        // Indicate whether the cookie can be considered as HTTP Only or not.  
            cookie.setHttpOnly(false);  
        // Return false if the cookie is not considered as HTTPOnly.  
    System.out.println("Check whether the cookie is HTTPOnly: "+cookie.isHttpOnly());  
   }  
}

Output:

Check whether the cookie is HTTPOnly: false

Example 3

import java.net.HttpCookie;  
public class JavaHttpCookieSetHttpOnlyExample3 {  
    public static void main(String[] args) {  
        HttpCookie cookie1 = new HttpCookie("Student1", "1");  
        HttpCookie cookie2 = new HttpCookie("Student2", "2");  
        //Indicate whether the cookie can be considered as HTTP Only or not.  
        cookie1.setHttpOnly(true);  
        cookie2.setHttpOnly(false);  
        System.out.println("Check whether the first cookie is HTTPOnly:"+cookie1.isHttpOnly());  
        System.out.println("Check whether the second cookie is HTTPOnly:"+cookie2.isHttpOnly());  
       }  
    }

Output:

Check whether the first cookie is HTTPOnly:true
Check whether the second cookie is HTTPOnly:false

The above is the detailed content of How to set HttpOnly Cookie in Java?. For more information, please follow other related articles on the PHP Chinese website!

Statement

This article is reproduced at:亿速云. If there is any infringement, please contact admin@php.cn delete

What are some strategies for mitigating platform-specific issues in Java applications?May 01, 2025 am 12:20 AM

How does Java alleviate platform-specific problems? Java implements platform-independent through JVM and standard libraries. 1) Use bytecode and JVM to abstract the operating system differences; 2) The standard library provides cross-platform APIs, such as Paths class processing file paths, and Charset class processing character encoding; 3) Use configuration files and multi-platform testing in actual projects for optimization and debugging.

What is the relationship between Java's platform independence and microservices architecture?May 01, 2025 am 12:16 AM

Java'splatformindependenceenhancesmicroservicesarchitecturebyofferingdeploymentflexibility,consistency,scalability,andportability.1)DeploymentflexibilityallowsmicroservicestorunonanyplatformwithaJVM.2)Consistencyacrossservicessimplifiesdevelopmentand

How does GraalVM relate to Java's platform independence goals?May 01, 2025 am 12:14 AM

GraalVM enhances Java's platform independence in three ways: 1. Cross-language interoperability, allowing Java to seamlessly interoperate with other languages; 2. Independent runtime environment, compile Java programs into local executable files through GraalVMNativeImage; 3. Performance optimization, Graal compiler generates efficient machine code to improve the performance and consistency of Java programs.

How do you test Java applications for platform compatibility?May 01, 2025 am 12:09 AM

ToeffectivelytestJavaapplicationsforplatformcompatibility,followthesesteps:1)SetupautomatedtestingacrossmultipleplatformsusingCItoolslikeJenkinsorGitHubActions.2)ConductmanualtestingonrealhardwaretocatchissuesnotfoundinCIenvironments.3)Checkcross-pla

What is the role of the Java compiler (javac) in achieving platform independence?May 01, 2025 am 12:06 AM

The Java compiler realizes Java's platform independence by converting source code into platform-independent bytecode, allowing Java programs to run on any operating system with JVM installed.

What are the advantages of using bytecode over native code for platform independence?Apr 30, 2025 am 12:24 AM

Bytecodeachievesplatformindependencebybeingexecutedbyavirtualmachine(VM),allowingcodetorunonanyplatformwiththeappropriateVM.Forexample,JavabytecodecanrunonanydevicewithaJVM,enabling"writeonce,runanywhere"functionality.Whilebytecodeoffersenh

Is Java truly 100% platform-independent? Why or why not?Apr 30, 2025 am 12:18 AM

Java cannot achieve 100% platform independence, but its platform independence is implemented through JVM and bytecode to ensure that the code runs on different platforms. Specific implementations include: 1. Compilation into bytecode; 2. Interpretation and execution of JVM; 3. Consistency of the standard library. However, JVM implementation differences, operating system and hardware differences, and compatibility of third-party libraries may affect its platform independence.

How does Java's platform independence support code maintainability?Apr 30, 2025 am 12:15 AM

Java realizes platform independence through "write once, run everywhere" and improves code maintainability: 1. High code reuse and reduces duplicate development; 2. Low maintenance cost, only one modification is required; 3. High team collaboration efficiency is high, convenient for knowledge sharing.

See all articles

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

What's New in Windows 11 KB5054979 & How to Fix Update Issues

3 weeks agoByDDD

How to fix KB5055523 fails to install in Windows 11?

2 weeks agoByDDD

InZoi: How To Apply To School And University

4 weeks agoByDDD

How to fix KB5055518 fails to install in Windows 10?

2 weeks agoByDDD

Where to find the Site Office Key in Atomfall

4 weeks agoByDDD

Hot Tools

SublimeText3 English version

Recommended: Win version, supports code prompts!

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Mac version

God-level code editing software (SublimeText3)

SecLists

SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.

SAP NetWeaver Server Adapter for Eclipse

Integrate Eclipse with SAP NetWeaver application server.

Hot Topics

Where is the login entrance for gmail email?

7871

1649

1407

1301

1245