会话cookie中缺少HttpOnly属性 解决
只需要写一个过滤器即可
1 package com.neusoft.streamone.framework.security.filter; 2 3 import java.io.IOException; 4 5 import javax.servlet.Filter; 6 import javax.servlet.FilterChain; 7 import javax.servlet.FilterConfig; 8 import javax.servlet.ServletException; 9 import javax.servlet.ServletRequest; 10 import javax.servlet.ServletResponse; 11 import javax.servlet.http.Cookie; 12 import javax.servlet.http.HttpServletRequest; 13 20 public class CookieHttpOnlyFilter implements Filter 21 { 22 23 @Override 24 public void destroy() 25 { 26 27 } 28 29 @Override 30 public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException 31 { 32 Cookie[] cookies = ((HttpServletRequest)request).getCookies(); 33 if(cookies!=null) 34 { 35 for(Cookie cookie : cookies){ 36 //tomcat7 支持该属性,tomcat6不支持 37 cookie.setHttpOnly(true); 38 } 39 } 40 filterChain.doFilter(request, response); 41 } 42 43 @Override 44 public void init(FilterConfig arg0) throws ServletException 45 { 46 47 } 48 49 }