Java – jsessionid is set for httponly and secure
We have a Tomcat instance that serves HTTP through an SSL nginx proxy. We set the connector settings as follows:
connectionTimeout="20000" redirectPort="8443" compression="on" compressionMinSize="2048" scheme="https" secure="true" proxyPort="443" compressableMimeType="text/html,text/xml,text/plain,text/css,text/javascript,application/javascript,application/json"
Jsessionid cookies are created on both httponly and SSL. We want to limit it to SSL only. We can't seem to understand the logic behind session cookie creation in Java. Any hint would be appreciated.
Solution
The HttpOnly cookie attribute is a bit misleading: its real meaning is "don't let this cookie be read by client script". It is different from the Secure attribute. In fact, it is good practice to set the two attributes for sensitive cookies. These attributes can only be read by the server through HTTPS.
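The following is an added example, not part of the original question or answer: a small audit that parses Set-Cookie header values with the JDK's `java.net.HttpCookie` and reports the Secure and HttpOnly attributes separately, showing that each one can be present or absent independently of the other. The class name and the sample header values are constructed for illustration.

```java
import java.net.HttpCookie;
import java.util.ArrayList;
import java.util.List;

/** Audits Set-Cookie header values for the two independent cookie attributes. */
public class SessionCookieAudit {

    /** Returns one finding per missing protection; an empty list means both are set. */
    static List<String> audit(String setCookieValue) {
        List<String> findings = new ArrayList<>();
        for (HttpCookie c : HttpCookie.parse(setCookieValue)) {
            // Secure: the browser sends the cookie only over HTTPS.
            if (!c.getSecure()) {
                findings.add(c.getName() + ": no Secure, browser will also send it over plain HTTP");
            }
            // HttpOnly: the cookie is hidden from client-side script.
            if (!c.isHttpOnly()) {
                findings.add(c.getName() + ": no HttpOnly, readable from script via document.cookie");
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample header values, not captured from a real server.
        String[] samples = {
            "JSESSIONID=0123456789ABCDEF; Path=/app; Secure; HttpOnly",
            "JSESSIONID=0123456789ABCDEF; Path=/app; Secure",
            "JSESSIONID=0123456789ABCDEF; Path=/app; HttpOnly",
            "JSESSIONID=0123456789ABCDEF; Path=/app"
        };
        for (String s : samples) {
            List<String> findings = audit(s);
            System.out.println(s);
            if (findings.isEmpty()) {
                System.out.println("  OK: Secure and HttpOnly both present");
            }
            for (String f : findings) {
                System.out.println("  " + f);
            }
        }
    }
}
```

Run it with `java SessionCookieAudit.java`; to check a real deployment, pass the Set-Cookie value returned through the proxy to `audit` instead of the constructed samples.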