How to set a secure flag in a cookie programmatically

Question

How to set a secure flag in a cookie programmatically

I know that we can do something like this:

<session-config>
 <cookie-config>
 <secure>true</secure>
 </cookie-config>
</session-config>

But I want to set this flag (true or false) based on some configuration.

Should we use a filter and how?

thanks

+4

java security cookies servlets servlet-3.0

kkung Feb 02 '16 at 21:07

source share

1 answer

wero · Accepted Answer · 2016-02-02T21:34:16+0000

Assuming you are in a servlet 3.0+ environment and you don’t want to use web.xmlcookie-secure-flag to indicate the cookie, but programmatically set it:

ServletContextListener web.xml .
contextInitialized SessionCookieConfig:

public void contextInitialized(ServletContextEvent sce) {
     boolean secure = ...
     sce.getServletContext().getSessionCookieConfig().setSecure(secure);
}

How to set a secure flag in a cookie programmatically

More articles: