cookie 設定 httpOnly屬性

標籤：cookie 設定 httponly屬性

cookie 設定 httpOnly屬性防止js讀取cookie.

建立filter攔截器類

CookieHttpOnlyFilter

import java.io.IOException;import javax.servlet.Filter;import javax.servlet.FilterChain;import javax.servlet.FilterConfig;import javax.servlet.ServletException;import javax.servlet.ServletRequest;import javax.servlet.ServletResponse;import javax.servlet.http.Cookie;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import javax.servlet.http.HttpSession;/** * * <P>CookieにHTTPOnly屬性を設定インターセプタークラス.</P>** @author hnnc* @author $Author$* @version $Id$ */public class CookieHttpOnlyFilter implements Filter {    /** {@inheritDoc} **/    public void doFilter(ServletRequest request, ServletResponse response,            FilterChain chain) throws IOException, ServletException {        if (!(request instanceof HttpServletRequest)) {            chain.doFilter(request, response);            return;        }        HttpServletRequest httpReq = (HttpServletRequest) request;        HttpServletResponse httpResp = (HttpServletResponse) response;        Cookie[] cookies = httpReq.getCookies();        if (cookies != null) {            Cookie cookie = cookies[0];            if (cookie != null) {                HttpSession session = httpReq.getSession();                if (session != null) {                    String sessionId = session.getId();                    // httpの設定                    httpResp.addHeader("Set-Cookie", "JSESSIONID=" + sessionId                            + "; Path=/admin; HttpOnly");                    // httpsの設定//                    httpResp.addHeader("Set-Cookie", "JSESSIONID=" + sessionId//                            + "; Path=/admin;Secure; HttpOnly");                }            }        }        chain.doFilter(httpReq, httpResp);                    }    /** {@inheritDoc} **/    public void destroy() {    }    /** {@inheritDoc} **/    public void init(FilterConfig filterConfig) throws ServletException {    }}

web.xml中配置攔截器

<filter>   <filter-name>CookieHttpOnly</filter-name>   <filter-class>jp.co.univ.www.admin.filter.CookieHttpOnlyFilter</filter-class>   </filter><filter-mapping>   <filter-name>CookieHttpOnly</filter-name>   <url-pattern>/*</url-pattern>   </filter-mapping>

650) this.width=650;" src="https://s3.51cto.com/wyfs02/M01/8E/25/wKiom1i2miSRzQkQAAAsbpl1DHM484.gif-wh_500x0-wm_3-wmp_4-s_811756450.gif" title="2017-03-01_175331.gif" alt="wKiom1i2miSRzQkQAAAsbpl1DHM484.gif-wh_50" />

參考：

http://conkeyn.iteye.com/blog/2025484

http://blog.csdn.net/a19881029/article/details/27536917

cookie 設定 httpOnly屬性