处理方案: 1、 修改web.xml增加过滤器,信息如下所示: <filter> <filter-name>cookieFilter <filter-class>com.sean.CookieFilter </filter> <filter-mapping> <filter-name>cookieFilter <url-pattern>/* </filter-mapping> 2、 编写java代码内容如下: public class CookieFilter implements Filter { public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest req = (HttpServletRequest) request; HttpServletResponse resp = (HttpServletResponse) response; Cookie[] cookies = req.getCookies(); if (cookies != null) { Cookie cookie = cookies[0]; if (cookie != null) { /*cookie.setMaxAge(3600); cookie.setSecure(true); resp.addCookie(cookie);*/ //Servlet 2.5不支持在Cookie上直接设置HttpOnly属性 String value = cookie.getValue(); StringBuilder builder = new StringBuilder(); builder.append("JSESSIONID=" + value + "; "); builder.append("Secure; "); builder.append("HttpOnly; "); Calendar cal = Calendar.getInstance(); cal.add(Calendar.HOUR, 1); Date date = cal.getTime(); Locale locale = Locale.CHINA; SimpleDateFormat sdf = new SimpleDateFormat("dd-MM-yyyy HH:mm:ss",locale); builder.append("Expires=" + sdf.format(date)); resp.setHeader("Set-Cookie", builder.toString()); } } chain.doFilter(req, resp); } public void destroy() { } public void init(FilterConfig arg0) throws ServletException { } } 或者如下配置: HttpServletResponse response2 = (HttpServletResponse)response; response2.setHeader( "Set-Cookie", "name=value; HttpOnly"); |
|