javax.servlet.http.Cookie implements java.lang.Cloneable
In Cookie, there is a method called "setSecure". What is it used for? If I call setSecure(true), is there anything I need to do on my client (JavaScript) side to read the cookie? What is the difference between setting it and not setting it?
The secure attribute is an option that can be set by the application server when sending a new cookie to the user within an HTTP Response. The purpose of the secure attribute is to prevent cookies from being observed by unauthorized parties due to the transmission of the cookie in clear text.
All that setSecure(true) does is tell the browser that the cookie should only be sent back to the server if using a "secure" protocol, like https. Your JavaScript code doesn't have to do anything different.
Yup, this ensures that your session cookie is not visible to an attacker, as in a man-in-the-middle attack. Instead of setting it manually, you could alternatively configure your web.xml to handle it for you automatically.
    <session-config>
        <cookie-config>
            <secure>true</secure>
        </cookie-config>
    </session-config>