HttpOnly cookies in tomcat_JAVA_编程开发_程序员俱乐部

中国优秀的程序员网站程序员频道CXYCLUB技术地图
热搜:
更多>>
 
您所在的位置: 程序员俱乐部 > 编程开发 > JAVA > HttpOnly cookies in tomcat

HttpOnly cookies in tomcat

 2011/12/29 17:28:08  Morgan0916  http://morgan0916.iteye.com  我要评论(0)
  • 摘要:ForHttpOnly,referto:ProtectingYourCookies:HttpOnlyhttp://www.codinghorror.com/blog/2008/08/protecting-your-cookies-httponly.htmlhttpOnlyissupportedasofTomcat6.0.19andTomcat5.5.28.Seethechangelogentryforbug44382.Thelastcommentforbug44382states
  • 标签:Tomcat Cookie
For HttpOnly, refer to:

Protecting Your Cookies: HttpOnly
http://www.codinghorror.com/blog/2008/08/protecting-your-cookies-httponly.html

httpOnly is supported as of Tomcat 6.0.19 and Tomcat 5.5.28.

See the changelog entry for bug 44382.

The last comment for bug 44382 states, "this has been applied to 5.5.x and will be included in 5.5.28 onwards." However, it does not appear that 5.5.28 has been released.

The httpOnly functionality can be enabled for all webapps in conf/context.xml:

<Context useHttpOnly="true">
...
</Context>

My interpretation is that it also works for an individual context by setting it on the desired Context entry in conf/server.xml (in the same manner as above).

http://stackoverflow.com/questions/33412/how-do-you-configure-httponly-cookies-in-tomcat-java-webapps
发表评论
用户名: 匿名