会话cookie中缺少HttpOnly属性 解决

只需要写一个过滤器即可

 1 package com.neusoft.streamone.framework.security.filter;
 2 
 3 import java.io.IOException;
 4 
 5 import javax.servlet.Filter;
 6 import javax.servlet.FilterChain;
 7 import javax.servlet.FilterConfig;
 8 import javax.servlet.ServletException;
 9 import javax.servlet.ServletRequest;
10 import javax.servlet.ServletResponse;
11 import javax.servlet.http.Cookie;
12 import javax.servlet.http.HttpServletRequest;
13 

20 public class CookieHttpOnlyFilter implements Filter
21 {
22 
23     @Override
24     public void destroy()
25     {
26         
27     }
28 
29     @Override
30     public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException
31     {
32         Cookie[] cookies = ((HttpServletRequest)request).getCookies();
33         if(cookies!=null)
34         {
35             for(Cookie cookie : cookies){
36                 //tomcat7 支持该属性,tomcat6不支持
37                 cookie.setHttpOnly(true);
38             }
39         }
40         filterChain.doFilter(request, response);
41     }
42 
43     @Override
44     public void init(FilterConfig arg0) throws ServletException
45     {
46         
47     }
48 
49 }

 

posted @ 2015-07-30 22:08  Importer  阅读(23701)  评论(1编辑  收藏  举报