I am working with a web application using Servlet API v2.5 running on Tomcat 6 and I need to send HttpOnly cookies to the client. I'm not talking about session cookies generated by the servlet container (which is excellently addressed by this issue), but user cookies added by using response.addCookie().
The Cookie#setHttpOnly() method does not exist in v2.5, so I need to build the HTTP header myself and add the HttpOnly token. Is there an easy way to do this without rolling my own implementation of RFC 6265 from scratch?
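One way to build the header by hand on Servlet 2.5, as an added example that is not part of the original question. The class `HttpOnlyCookies` and its methods are hypothetical names; it assumes version-0 cookies and uses only `HttpServletResponse.addHeader()` and the existing `Cookie` getters.

```java
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Locale;
import java.util.TimeZone;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical helper (not part of the Servlet API): emits Set-Cookie with HttpOnly. */
public final class HttpOnlyCookies {
    private HttpOnlyCookies() {}

    /** Call this instead of response.addCookie(cookie). */
    public static void add(HttpServletResponse response, Cookie cookie) {
        // addHeader, not setHeader: setHeader would replace other Set-Cookie headers.
        response.addHeader("Set-Cookie", format(cookie));
    }

    static String format(Cookie c) {
        StringBuilder sb = new StringBuilder();
        sb.append(requireSafe(c.getName(), "name")).append('=')
          .append(requireSafe(c.getValue(), "value"));
        if (c.getPath() != null)   sb.append("; Path=").append(requireSafe(c.getPath(), "path"));
        if (c.getDomain() != null) sb.append("; Domain=").append(requireSafe(c.getDomain(), "domain"));
        int maxAge = c.getMaxAge();
        if (maxAge >= 0) {
            // Max-Age for RFC 6265 clients, Expires for older browsers that ignore Max-Age.
            sb.append("; Max-Age=").append(maxAge);
            long when = maxAge == 0 ? 0L : System.currentTimeMillis() + maxAge * 1000L;
            SimpleDateFormat fmt = new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss 'GMT'", Locale.US);
            fmt.setTimeZone(TimeZone.getTimeZone("GMT"));
            sb.append("; Expires=").append(fmt.format(new Date(when)));
        }
        if (c.getSecure()) sb.append("; Secure");
        sb.append("; HttpOnly");
        return sb.toString();
    }

    /** Conservative check: rejects CR/LF and other controls, space, non-ASCII, ';' ',' '"' '\'. */
    private static String requireSafe(String s, String what) {
        if (s == null) throw new IllegalArgumentException("cookie " + what + " is null");
        for (int i = 0; i < s.length(); i++) {
            char ch = s.charAt(i);
            if (ch <= 0x20 || ch >= 0x7f || ch == ';' || ch == ',' || ch == '"' || ch == '\\')
                throw new IllegalArgumentException("illegal character in cookie " + what);
        }
        return s;
    }
}
```

The character check matters because the container no longer validates the value once the header is written by hand: a CR or LF in an attacker-influenced cookie value would otherwise split the response header.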