HttpOnly cookies in tomcat_JAVA

您所在的位置：程序员俱乐部 > 编程开发 > JAVA > HttpOnly cookies in tomcat

HttpOnly cookies in tomcat

2011/12/29 17:28:08 Morgan0916 http://morgan0916.iteye.com 我要评论(0)

摘要：ForHttpOnly,referto:ProtectingYourCookies:HttpOnlyhttp://www.codinghorror.com/blog/2008/08/protecting-your-cookies-httponly.htmlhttpOnlyissupportedasofTomcat6.0.19andTomcat5.5.28.Seethechangelogentryforbug44382.Thelastcommentforbug44382states
标签：Tomcat Cookie

For HttpOnly, refer to:

Protecting Your Cookies: HttpOnly
http://www.codinghorror.com/blog/2008/08/protecting-your-cookies-httponly.html

httpOnly is supported as of Tomcat 6.0.19 and Tomcat 5.5.28.

See the changelog entry for bug 44382.

The last comment for bug 44382 states, "this has been applied to 5.5.x and will be included in 5.5.28 onwards." However, it does not appear that 5.5.28 has been released.

The httpOnly functionality can be enabled for all webapps in conf/context.xml:

<Context useHttpOnly="true">
...
</Context>

My interpretation is that it also works for an individual context by setting it on the desired Context entry in conf/server.xml (in the same manner as above).

http://stackoverflow.com/questions/33412/how-do-you-configure-httponly-cookies-in-tomcat-java-webapps

上一篇： java nio异步读取转载下一篇： java与javascript数据互传乱码问题