How to set HttpOnly Cookie in Java?-javaTutorial-php.cn

Home

Java

javaTutorial

How to set HttpOnly Cookie in Java?

PHPz

Apr 22, 2023 pm 06:37 PM

javacookiehttponly

Httponly cookie is a cookie security solution.

In browsers that support httponly cookies (IE6, FF3.0), if the "httponly" attribute is set in the cookie, the JavaScript script will not be able to read the cookie information, which can effectively prevent XSS attacks and allow the website to The application is more secure.

But J2EE4 and J2EE5 cookies do not provide a method to set the httponly attribute, so if you need to set the httponly attribute, you need to handle it yourself.

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;
 
/**
 * Cookie Tools
 */
public class CookieUtil {
 
    /**
           * Set httponly cookie
     * @param  Response HTTP response
     * @param  Cookie cookie object
     * @param  Ishttponly is httponly
     */
    public static void addCookie(HttpServletResponse response, Cookie cookie, boolean isHttpOnly) {
        String name = cookie.getName();//Cookie name
        String value = cookie.getValue();//Cookie value
        int maxAge = cookie.getMaxAge();//Maximum survival time (milliseconds, 0 representative deletion, -1 represents the same as the browser session)
        String path = cookie.getPath();//path
        String domain = cookie.getDomain();//area
        boolean isSecure = cookie.getSecure();//Is there a security protocol? 
 
        StringBuilder buffer = new StringBuilder();
 
        buffer.append(name).append("=").append(value).append(";");
 
        if (maxAge == 0) {
            buffer.append("Expires=Thu Jan 01 08:00:00 CST 1970;");
        } else if (maxAge > 0) {
            buffer.append("Max-Age=").append(maxAge).append(";");
        }
 
        if (domain != null) {
            buffer.append("domain=").append(domain).append(";");
        }
 
        if (path != null) {
            buffer.append("path=").append(path).append(";");
        }
 
        if (isSecure) {
            buffer.append("secure;");
        }
 
        if (isHttpOnly) {
            buffer.append("HTTPOnly;");
        }
 
        response.addHeader("Set-Cookie", buffer.toString());
    }
 
}

It is worth mentioning that the cookie in Java Ee 6.0 has set httponly, so if it is compatible with a Java EE 6.0 compatible container (such as Tomcat 7), you can use cookie.sethttponly to set HTTPONLY:

cookie.setHttpOnly(true);

The setHttpOnly(Boolean httpOnly) method of the Java HttpCookie class is used to indicate whether the cookie can be considered HTTPOnly. If set to true, the cookie cannot be accessed by scripting engines such as JavaScript.

Syntax

public void setHttpOnly(boolean httpOnly)

Scope

The above method requires only one parameter:

httpOnly - true if the cookie is HTTP only, which means it Visible as part of the HTTP request.

Return

Not applicable

Example 1

import java.net.HttpCookie;  
public class JavaHttpCookieSetHttpOnlyExample1 {  
  public static void main(String[] args) {  
    HttpCookie  cookie = new HttpCookie("Student", "1");  
    // Indicate whether the cookie can be considered as HTTP Only or not.  
        cookie.setHttpOnly(true);  
    // Return true if the cookie is considered as HTTPOnly.  
System.out.println("Check whether the cookie is HTTPOnly: "+cookie.isHttpOnly());  
     }  
 }

Output:

Check whether the cookie is HTTPOnly: true

Example 2

import java.net.HttpCookie;  
public class JavaHttpCookieSetHttpOnlyExample2 {  
    public static void main(String[] args) {  
        HttpCookie  cookie = new HttpCookie("Student", "1");  
        // Indicate whether the cookie can be considered as HTTP Only or not.  
            cookie.setHttpOnly(false);  
        // Return false if the cookie is not considered as HTTPOnly.  
    System.out.println("Check whether the cookie is HTTPOnly: "+cookie.isHttpOnly());  
   }  
}

Output:

Check whether the cookie is HTTPOnly: false

Example 3

import java.net.HttpCookie;  
public class JavaHttpCookieSetHttpOnlyExample3 {  
    public static void main(String[] args) {  
        HttpCookie cookie1 = new HttpCookie("Student1", "1");  
        HttpCookie cookie2 = new HttpCookie("Student2", "2");  
        //Indicate whether the cookie can be considered as HTTP Only or not.  
        cookie1.setHttpOnly(true);  
        cookie2.setHttpOnly(false);  
        System.out.println("Check whether the first cookie is HTTPOnly:"+cookie1.isHttpOnly());  
        System.out.println("Check whether the second cookie is HTTPOnly:"+cookie2.isHttpOnly());  
       }  
    }

Output:

Check whether the first cookie is HTTPOnly:true
Check whether the second cookie is HTTPOnly:false

The above is the detailed content of How to set HttpOnly Cookie in Java?. For more information, please follow other related articles on the PHP Chinese website!

Statement

This article is reproduced at:亿速云. If there is any infringement, please contact admin@php.cn delete

带你搞懂Java结构化数据处理开源库SPLMay 24, 2022 pm 01:34 PM

本篇文章给大家带来了关于java的相关知识，其中主要介绍了关于结构化数据处理开源库SPL的相关问题，下面就一起来看一下java下理想的结构化数据处理类库，希望对大家有帮助。

Java集合框架之PriorityQueue优先级队列Jun 09, 2022 am 11:47 AM

本篇文章给大家带来了关于java的相关知识，其中主要介绍了关于PriorityQueue优先级队列的相关知识，Java集合框架中提供了PriorityQueue和PriorityBlockingQueue两种类型的优先级队列，PriorityQueue是线程不安全的，PriorityBlockingQueue是线程安全的，下面一起来看一下，希望对大家有帮助。