servlet设置cookie安全吗?
javax.servlet.http.Cookie implements java.lang.Cloneable
在Cookie方法中,有一个方法叫“setSecure”,它有什么用呢?如果我 setSecure(true),我需要在客户端(javascript)端做什么来读取 cookie?设置/不设置 setSecure 有什么不同?
javax.servlet.http.Cookie implements java.lang.Cloneable
In Cookie method, there is a method call "setSecure" , what does it use for? if i setSecure(true), is there anything i need to do on my client(javascript) side to read the cookie? what is different set/without setSecure?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
所有这些
setSecure(true )的作用是告诉浏览器,只有使用“安全”协议(例如https)时,才应将 cookie 发送回服务器。您的 JavaScript 代码不必做任何不同的事情。All that
setSecure(true)does is tell the browser that the cookie should only be sent back to the server if using a "secure" protocol, likehttps. Your JavaScript code doesn't have to do anything different.是的,这可以确保您的会话 cookie 对攻击者不可见,例如中间人攻击。除了手动设置之外,您还可以配置 web.xml 以自动为您处理它。
Yup this ensures that your session cookie is not visible to an attacker like man-in-the-middle attack. Instead of setting it manually You could alternatively configure your web.xml to handle it for you automatically.