Java 缺少HTTP协议会话标识符的HttpOnly属性
早些时候,我只获取HTTP/HTTPS协议的HTTPS,但缺少安全属性 为了添加“Secure”属性,我在server.xml的连接器端口语法中添加了Secure=“true”,如下所示-Java 缺少HTTP协议会话标识符的HttpOnly属性,java,servlets,session-cookies,httponly,cookie-httponly,Java,Servlets,Session Cookies,Httponly,Cookie Httponly,早些时候,我只获取HTTP/HTTPS协议的HTTPS,但缺少安全属性 为了添加“Secure”属性,我在server.xml的连接器端口语法中添加了Secure=“true”,如下所示- <Connector address="10.23.17.69" port="8000" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" e
<Connector address="10.23.17.69" port="8000" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="60000" disableUploadTimeout="true" URIEncoding="UTF-8" server="Dev" secure="true" />
还在web.xml中添加了“cookie config”,如下所示-
<session-config>
<session-timeout>120</session-timeout>
<cookie-config>
<secure>true</secure>
<http-only>true</http-only>
</cookie-config>
</session-config>
120
真的
真的
现在对于HTTPS协议,我将会话cookie的“Secure”和“HttpOnly”标志设置为true,如下所示
但对于HTTP协议,我没有得到HttpOnly属性。对于HTTP协议,我需要“HttpOnly=true”
请注意,my context.xml的“context”元素已经包含useHttpOnly属性,如下所示-
<Context useHttpOnly="true">
....
</Context>
....
非常感谢您的任何建议。阅读本文,我认为您错误地设置了会话cookies属性
应该是:
<Context cookies="true" crossContext="true">
<SessionCookie secure="true" httpOnly="true" />