Httponly cookie 是一種 cookie 安全解決方案。
在支援httponly cookie的瀏覽器(IE6 、FF3.0 )中,如果cookie中設定了「httponly」屬性,則JavaScript腳本將無法讀取cookie訊息,可以有效防止XSS攻擊,讓網站應用更安全。
但是J2EE4、J2EE5 cookie不提供設定httponly屬性的方法,所以如果需要設定httponly屬性需要自己處理。
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;
/**
* Cookie Tools
*/
public class CookieUtil {
/**
* Set httponly cookie
* @param Response HTTP response
* @param Cookie cookie object
* @param Ishttponly is httponly
*/
public static void addCookie(HttpServletResponse response, Cookie cookie, boolean isHttpOnly) {
String name = cookie.getName();//Cookie name
String value = cookie.getValue();//Cookie value
int maxAge = cookie.getMaxAge();//Maximum survival time (milliseconds, 0 representative deletion, -1 represents the same as the browser session)
String path = cookie.getPath();//path
String domain = cookie.getDomain();//area
boolean isSecure = cookie.getSecure();//Is there a security protocol?
StringBuilder buffer = new StringBuilder();
buffer.append(name).append("=").append(value).append(";");
if (maxAge == 0) {
buffer.append("Expires=Thu Jan 01 08:00:00 CST 1970;");
} else if (maxAge > 0) {
buffer.append("Max-Age=").append(maxAge).append(";");
}
if (domain != null) {
buffer.append("domain=").append(domain).append(";");
}
if (path != null) {
buffer.append("path=").append(path).append(";");
}
if (isSecure) {
buffer.append("secure;");
}
if (isHttpOnly) {
buffer.append("HTTPOnly;");
}
response.addHeader("Set-Cookie", buffer.toString());
}
}值得一提的是,Java Ee 6.0中的cookie已經設定了httponly,所以如果相容Java EE 6.0相容的容器(例如Tomcat 7),可以使用cookie.sethttponly設定HTTPONLY:
cookie.setHttpOnly(true);
Java HttpCookie 類別的setHttpOnly(Boolean httpOnly) 方法用來指示cookie 是否可以被認為是HTTPOnly。如果設定為 true,則 cookie 不能被 JavaScript 等腳本引擎存取。
句法
public void setHttpOnly(boolean httpOnly)
範圍
上述方法只需要一個參數:
httpOnly - 如果cookie 僅是HTTP,則表示true,這表示它作為HTTP 請求的一部分可見。
返回
不適用
範例1
import java.net.HttpCookie;
public class JavaHttpCookieSetHttpOnlyExample1 {
public static void main(String[] args) {
HttpCookie cookie = new HttpCookie("Student", "1");
// Indicate whether the cookie can be considered as HTTP Only or not.
cookie.setHttpOnly(true);
// Return true if the cookie is considered as HTTPOnly.
System.out.println("Check whether the cookie is HTTPOnly: "+cookie.isHttpOnly());
}
}#輸出:
Check whether the cookie is HTTPOnly: true
範例2
import java.net.HttpCookie;
public class JavaHttpCookieSetHttpOnlyExample2 {
public static void main(String[] args) {
HttpCookie cookie = new HttpCookie("Student", "1");
// Indicate whether the cookie can be considered as HTTP Only or not.
cookie.setHttpOnly(false);
// Return false if the cookie is not considered as HTTPOnly.
System.out.println("Check whether the cookie is HTTPOnly: "+cookie.isHttpOnly());
}
}輸出:
Check whether the cookie is HTTPOnly: false
範例3
import java.net.HttpCookie;
public class JavaHttpCookieSetHttpOnlyExample3 {
public static void main(String[] args) {
HttpCookie cookie1 = new HttpCookie("Student1", "1");
HttpCookie cookie2 = new HttpCookie("Student2", "2");
//Indicate whether the cookie can be considered as HTTP Only or not.
cookie1.setHttpOnly(true);
cookie2.setHttpOnly(false);
System.out.println("Check whether the first cookie is HTTPOnly:"+cookie1.isHttpOnly());
System.out.println("Check whether the second cookie is HTTPOnly:"+cookie2.isHttpOnly());
}
}輸出:
Check whether the first cookie is HTTPOnly:true
Check whether the second cookie is HTTPOnly:false
以上是如何在Java中設定HttpOnly Cookie?的詳細內容。更多資訊請關注PHP中文網其他相關文章!
熱AI工具
Undresser.AI Undress
人工智慧驅動的應用程序,用於創建逼真的裸體照片
AI Clothes Remover
用於從照片中去除衣服的線上人工智慧工具。
Undress AI Tool
免費脫衣圖片
Clothoff.io
AI脫衣器
AI Hentai Generator
免費產生 AI 無盡。
熱門文章
熱工具
MinGW - Minimalist GNU for Windows
這個專案正在遷移到osdn.net/projects/mingw的過程中,你可以繼續在那裡關注我們。 MinGW:GNU編譯器集合(GCC)的本機Windows移植版本,可自由分發的導入函式庫和用於建置本機Windows應用程式的頭檔;包括對MSVC執行時間的擴展,以支援C99功能。 MinGW的所有軟體都可以在64位元Windows平台上運作。
Dreamweaver CS6
視覺化網頁開發工具
WebStorm Mac版
好用的JavaScript開發工具
ZendStudio 13.5.1 Mac
強大的PHP整合開發環境
記事本++7.3.1
好用且免費的程式碼編輯器
