https://blog.csdn.net/Ideality_hunter/article/details/80621138
https://www.cnblogs.com/unclekeith/p/7750681.html
7) HttpOnly , if you set the "HttpOnly" attribute in the Cookie, then through the program (JS script, Applet, etc.) will not be able to read the Cookie information.
HttpOnly disposed directly on Cookie Properties
https://blog.csdn.net/jinming1109/article/details/80281380
1. The need to configure the filter in web.xml
<-! Cookie attribute HttpOnly Add ->
<filter>
<filter-name> CookieFilter </ filter-name>
<filter-class> directory .CookieFilter </ filter- class>
</ filter>
<filter-Mapping>
<filter-name> CookieFilter </ filter-name>
<URL-pattern> / * </ URL-pattern>
</ filter-Mapping>
2.java file
import java.io.IOException;
import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.Date;
import java.util.Locale;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class CookieFilter implements Filter {
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse resp = (HttpServletResponse) response;
Cookie[] cookies = req.getCookies();
if (cookies != null) {
Cookie cookie = cookies[0];
if (cookie != null) {
/*
* cookie.setMaxAge(3600); cookie.setSecure(true); resp.addCookie(cookie);
*/
// Servlet 2.5不支持在Cookie上直接设置HttpOnly属性
String value = cookie.getValue();
StringBuilder builder = new StringBuilder();
builder.append("JSESSIONID=" + value + "; ");
builder.append("Secure; ");
builder.append("HttpOnly; ");
Calendar cal = Calendar.getInstance();
cal.add(Calendar.HOUR, 1);
Date date = cal.getTime();
Locale locale = Locale.CHINA;
SimpleDateFormat sdf = new SimpleDateFormat("dd-MM-yyyy HH:mm:ss", locale);
builder.append("Expires=" + sdf.format(date));
resp.setHeader("Set-Cookie", builder.toString());
}
}
chain.doFilter(req, resp);
}
public void destroy() {
}
void the init public (the FilterConfig the arg0) throws ServletException {
}
}
---------------------
OF: Tsai Ming souls
Source: CSDN
description: https: // blog. csdn.net/jinming1109/article/details/80281380
Disclaimer: This article is a blogger original article, reproduced, please attach Bowen link!