How to set HttpOnly Cookie in Java?
Httponly cookie is a cookie security solution.
In browsers that support httponly cookies (IE6, FF3.0), if the "httponly" attribute is set in the cookie, the JavaScript script will not be able to read the cookie information, which can effectively prevent XSS attacks and allow the website to The application is more secure.
But J2EE4 and J2EE5 cookies do not provide a method to set the httponly attribute, so if you need to set the httponly attribute, you need to handle it yourself.
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;
/**
* Cookie Tools
*/
public class CookieUtil {
/**
* Set httponly cookie
* @param Response HTTP response
* @param Cookie cookie object
* @param Ishttponly is httponly
*/
public static void addCookie(HttpServletResponse response, Cookie cookie, boolean isHttpOnly) {
String name = cookie.getName();//Cookie name
String value = cookie.getValue();//Cookie value
int maxAge = cookie.getMaxAge();//Maximum survival time (milliseconds, 0 representative deletion, -1 represents the same as the browser session)
String path = cookie.getPath();//path
String domain = cookie.getDomain();//area
boolean isSecure = cookie.getSecure();//Is there a security protocol?
StringBuilder buffer = new StringBuilder();
buffer.append(name).append("=").append(value).append(";");
if (maxAge == 0) {
buffer.append("Expires=Thu Jan 01 08:00:00 CST 1970;");
} else if (maxAge > 0) {
buffer.append("Max-Age=").append(maxAge).append(";");
}
if (domain != null) {
buffer.append("domain=").append(domain).append(";");
}
if (path != null) {
buffer.append("path=").append(path).append(";");
}
if (isSecure) {
buffer.append("secure;");
}
if (isHttpOnly) {
buffer.append("HTTPOnly;");
}
response.addHeader("Set-Cookie", buffer.toString());
}
}It is worth mentioning that the cookie in Java Ee 6.0 has set httponly, so if it is compatible with a Java EE 6.0 compatible container (such as Tomcat 7), you can use cookie.sethttponly to set HTTPONLY:
cookie.setHttpOnly(true);
The setHttpOnly(Boolean httpOnly) method of the Java HttpCookie class is used to indicate whether the cookie can be considered HTTPOnly. If set to true, the cookie cannot be accessed by scripting engines such as JavaScript.
Syntax
public void setHttpOnly(boolean httpOnly)
Scope
The above method requires only one parameter:
httpOnly - true if the cookie is HTTP only, which means it Visible as part of the HTTP request.
Return
Not applicable
Example 1
import java.net.HttpCookie;
public class JavaHttpCookieSetHttpOnlyExample1 {
public static void main(String[] args) {
HttpCookie cookie = new HttpCookie("Student", "1");
// Indicate whether the cookie can be considered as HTTP Only or not.
cookie.setHttpOnly(true);
// Return true if the cookie is considered as HTTPOnly.
System.out.println("Check whether the cookie is HTTPOnly: "+cookie.isHttpOnly());
}
}Output:
Check whether the cookie is HTTPOnly: true
Example 2
import java.net.HttpCookie;
public class JavaHttpCookieSetHttpOnlyExample2 {
public static void main(String[] args) {
HttpCookie cookie = new HttpCookie("Student", "1");
// Indicate whether the cookie can be considered as HTTP Only or not.
cookie.setHttpOnly(false);
// Return false if the cookie is not considered as HTTPOnly.
System.out.println("Check whether the cookie is HTTPOnly: "+cookie.isHttpOnly());
}
}Output:
Check whether the cookie is HTTPOnly: false
Example 3
import java.net.HttpCookie;
public class JavaHttpCookieSetHttpOnlyExample3 {
public static void main(String[] args) {
HttpCookie cookie1 = new HttpCookie("Student1", "1");
HttpCookie cookie2 = new HttpCookie("Student2", "2");
//Indicate whether the cookie can be considered as HTTP Only or not.
cookie1.setHttpOnly(true);
cookie2.setHttpOnly(false);
System.out.println("Check whether the first cookie is HTTPOnly:"+cookie1.isHttpOnly());
System.out.println("Check whether the second cookie is HTTPOnly:"+cookie2.isHttpOnly());
}
}Output:
Check whether the first cookie is HTTPOnly:true
Check whether the second cookie is HTTPOnly:false
The above is the detailed content of How to set HttpOnly Cookie in Java?. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1386
52
Perfect Number in Java
Aug 30, 2024 pm 04:28 PM
Guide to Perfect Number in Java. Here we discuss the Definition, How to check Perfect number in Java?, examples with code implementation.
Weka in Java
Aug 30, 2024 pm 04:28 PM
Guide to Weka in Java. Here we discuss the Introduction, how to use weka java, the type of platform, and advantages with examples.
Smith Number in Java
Aug 30, 2024 pm 04:28 PM
Guide to Smith Number in Java. Here we discuss the Definition, How to check smith number in Java? example with code implementation.
Java Spring Interview Questions
Aug 30, 2024 pm 04:29 PM
In this article, we have kept the most asked Java Spring Interview Questions with their detailed answers. So that you can crack the interview.
Break or return from Java 8 stream forEach?
Feb 07, 2025 pm 12:09 PM
Java 8 introduces the Stream API, providing a powerful and expressive way to process data collections. However, a common question when using Stream is: How to break or return from a forEach operation? Traditional loops allow for early interruption or return, but Stream's forEach method does not directly support this method. This article will explain the reasons and explore alternative methods for implementing premature termination in Stream processing systems. Further reading: Java Stream API improvements Understand Stream forEach The forEach method is a terminal operation that performs one operation on each element in the Stream. Its design intention is
TimeStamp to Date in Java
Aug 30, 2024 pm 04:28 PM
Guide to TimeStamp to Date in Java. Here we also discuss the introduction and how to convert timestamp to date in java along with examples.
Java Program to Find the Volume of Capsule
Feb 07, 2025 am 11:37 AM
Capsules are three-dimensional geometric figures, composed of a cylinder and a hemisphere at both ends. The volume of the capsule can be calculated by adding the volume of the cylinder and the volume of the hemisphere at both ends. This tutorial will discuss how to calculate the volume of a given capsule in Java using different methods. Capsule volume formula The formula for capsule volume is as follows: Capsule volume = Cylindrical volume Volume Two hemisphere volume in, r: The radius of the hemisphere. h: The height of the cylinder (excluding the hemisphere). Example 1 enter Radius = 5 units Height = 10 units Output Volume = 1570.8 cubic units explain Calculate volume using formula: Volume = π × r2 × h (4
How to Run Your First Spring Boot Application in Spring Tool Suite?
Feb 07, 2025 pm 12:11 PM
Spring Boot simplifies the creation of robust, scalable, and production-ready Java applications, revolutionizing Java development. Its "convention over configuration" approach, inherent to the Spring ecosystem, minimizes manual setup, allo
