Caucho Forums  

This forum is permanently closed because of spam. For free community support, please visit Google Groups:


Go Back   Caucho Forums > Resin

Reply
 
Thread Tools Display Modes
  #1  
Old 01-30-2014, 11:30 PM
guangyan guangyan is offline
Junior Member
 
Join Date: Jan 2010
Posts: 4
Default httponly attribute cannot be reset in resin server

I am trying to reset the JSESSIONID java session id cookie's attribute "httponly" to "true", some how, it does not allow me to do it. Here is the code
after I set httponly to "true" on, the client side still show false. but if I set <web-app id="" root-directory="/var/resin/foo">
<cookie-http-only>true</cookie-http-only>
<web-app id="">
in resin.xml it will work, but it set all cookie httponly to true. that is not what I want. Any one know about this.


for (int i = 0; cookies != null && i < cookies.length; i++) {
if(cookies[i].getName() !=null && cookies[i].getName().matches("JSESSIONID&quot){
Cookie cookie = new Cookie(cookies[i].getName()+"1",cookies[i].getValue());
cookie.setDomain(cookies[i].getDomain());
cookie.setMaxAge(cookies[i].getMaxAge());
cookie.setPath(cookies[i].getPath());
cookie.setSecure(cookies[i].getSecure());
cookie.setVersion(cookies[i].getVersion());
cookie.setComment(cookies[i].getComment());
cookie.setHttpOnly(true);
response.addCookie(cookie);

}

}
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 11:56 PM.


Powered by vBulletin® Version 3.8.6
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.