Setting the HttpOnly attribute on a cookie so that front-end scripts cannot read or change it in an XSS attack
Source: Internet   Editor: 程序博客网   Time: 2024/05/18 01:23
Environment: Tomcat 6.0.39, JDK 1.6 update 45 (Servlet 2.5).

Add a Filter to the web project that re-issues the session cookie with the HttpOnly attribute.
```java
import java.io.IOException;
import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.Date;
import java.util.Locale;
import java.util.TimeZone;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class CookieFilter implements Filter {

    private static final String SESSION_COOKIE = "JSESSIONID";

    public void doFilter(ServletRequest request, ServletResponse response,
                         FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;

        Cookie[] cookies = req.getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                // Only the session cookie is re-issued. cookies[0] is not
                // guaranteed to be JSESSIONID, so match on the name.
                if (!SESSION_COOKIE.equals(cookie.getName())) {
                    continue;
                }
                // Servlet 2.5 has no Cookie.setHttpOnly(): setMaxAge()/setSecure()
                // plus addCookie() cannot add HttpOnly, so the Set-Cookie header
                // is written by hand.
                StringBuilder builder = new StringBuilder();
                builder.append(SESSION_COOKIE).append('=').append(cookie.getValue());
                // Path is needed so the browser does not scope the cookie to the
                // current request directory and end up with two JSESSIONIDs.
                String path = req.getContextPath();
                builder.append("; Path=").append(path.length() == 0 ? "/" : path);
                // Expires must be an HTTP date in GMT, e.g.
                // "Sat, 18 May 2024 02:23:00 GMT"; browsers ignore other formats.
                Calendar cal = Calendar.getInstance();
                cal.add(Calendar.HOUR, 1);
                Date date = cal.getTime();
                SimpleDateFormat sdf = new SimpleDateFormat(
                        "EEE, dd MMM yyyy HH:mm:ss zzz", Locale.US);
                sdf.setTimeZone(TimeZone.getTimeZone("GMT"));
                builder.append("; Expires=").append(sdf.format(date));
                // Secure: the browser sends the cookie over HTTPS only. Remove it
                // if the application is served over plain HTTP, or the session
                // will be lost on every request.
                builder.append("; Secure");
                builder.append("; HttpOnly");
                resp.setHeader("Set-Cookie", builder.toString());
                break;
            }
        }
        chain.doFilter(req, resp);
    }

    public void destroy() {
    }

    public void init(FilterConfig filterConfig) throws ServletException {
    }
}
```

Configuration in web.xml:

```xml
<filter>
    <filter-name>cookieFilter</filter-name>
    <filter-class>com.sean.CookieFilter</filter-class>
</filter>

<filter-mapping>
    <filter-name>cookieFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
```

If you already have a filter, you can also put the code above directly into your own filter.

Two caveats. First, the filter only rewrites a JSESSIONID that already arrived in the request, so the very first response, in which Tomcat itself creates the session and sends the cookie, still goes out without HttpOnly; the attribute appears from the second request onward. Second, Tomcat 6.0.19 and later can do this without a filter: set useHttpOnly="true" on the Context element in conf/context.xml and the container adds HttpOnly to the session cookie itself.

After deploying, press F12, open the Network tab and look at the Cookies of a response; if the HttpOnly column is ticked, the setting worked.
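The check above is done by eye in the browser. As an added example (not code from the original post), here is the same check as a script: it parses Set-Cookie headers, reports a session cookie that lacks HttpOnly, Secure or Path, flags an Expires value that is not an HTTP date, and builds the header the filter should emit. The header strings and the fixed timestamp are constructed for illustration; the cookie name JSESSIONID and the "dd-MM-yyyy HH:mm:ss" format come from the filter on this page.

```python
"""Audit Set-Cookie headers for HttpOnly/Secure/Path and a valid Expires date,
and build a correct session Set-Cookie header.

Added example, not code from the original post. ORIGINAL_HEADER and
EXAMPLE_NOW are constructed for illustration.
"""
from datetime import datetime, timedelta, timezone
from email.utils import format_datetime, parsedate_to_datetime

# Constructed: the shape the original filter produces (no Path, and an
# Expires value in dd-MM-yyyy HH:mm:ss, which is not an HTTP date).
ORIGINAL_HEADER = "JSESSIONID=0A1B2C; Secure; HttpOnly; Expires=18-05-2024 02:23:00"
# Constructed: a fixed "now" so the output is reproducible.
EXAMPLE_NOW = datetime(2024, 5, 18, 1, 23, tzinfo=timezone.utc)


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attrs).

    Attribute names are matched case-insensitively, as browsers do, so the
    keys of attrs are lower-cased; flag attributes (Secure, HttpOnly) map to True.
    """
    parts = [p.strip() for p in header.split(";")]
    if "=" not in parts[0]:
        raise ValueError("Set-Cookie has no name=value pair: %r" % header)
    name, value = parts[0].split("=", 1)
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        if "=" in part:
            key, val = part.split("=", 1)
            attrs[key.strip().lower()] = val.strip()
        else:
            attrs[part.lower()] = True
    return name.strip(), value, attrs


def audit_set_cookie(header, session_cookie_names=("JSESSIONID",)):
    """Return a list of findings for one Set-Cookie header; [] means OK.

    HttpOnly/Secure/Path are required only for the session cookie. Expires is
    checked on every cookie: a date the browser cannot parse is silently
    ignored and the cookie silently becomes a session-only cookie.
    """
    name, _value, attrs = parse_set_cookie(header)
    findings = []
    if name in session_cookie_names:
        if "httponly" not in attrs:
            findings.append("missing HttpOnly: document.cookie can read the session id")
        if "secure" not in attrs:
            findings.append("missing Secure: session id is sent over plain HTTP")
        if "path" not in attrs:
            findings.append("missing Path: browser scopes the cookie to the request directory")
    if "expires" in attrs:
        try:
            expires = parsedate_to_datetime(attrs["expires"])
        except (TypeError, ValueError):  # TypeError on Python < 3.10
            findings.append("Expires is not an RFC 7231 date: %r" % attrs["expires"])
        else:
            if expires.tzinfo is None:
                findings.append("Expires has no GMT zone: %r" % attrs["expires"])
    return findings


def build_session_set_cookie(session_id, max_age_seconds, now, path="/",
                             name="JSESSIONID"):
    """Build the Set-Cookie header the filter should emit.

    now must be a timezone-aware UTC datetime; format_datetime(..., usegmt=True)
    renders Expires as e.g. "Sat, 18 May 2024 02:23:00 GMT".
    """
    expires = format_datetime(now + timedelta(seconds=max_age_seconds), usegmt=True)
    return "%s=%s; Path=%s; Expires=%s; Secure; HttpOnly" % (
        name, session_id, path or "/", expires)


if __name__ == "__main__":
    for finding in audit_set_cookie(ORIGINAL_HEADER):
        print("original:", finding)
    fixed = build_session_set_cookie("0A1B2C", 3600, EXAMPLE_NOW, "/app")
    print("fixed:   ", fixed)
    print("fixed findings:", audit_set_cookie(fixed))
```

Paste the Set-Cookie value copied from the F12 Network tab into audit_set_cookie to get the same verdict the browser's HttpOnly column gives, plus the Path and Expires problems the column does not show.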