java - Setting an httponly cookie with javax.servlet 2.5 - Stack Overflow

PHOTO EMBED

Fri Jan 29 2021 16:39:09 GMT+0000 (UTC)

Saved by @freejolero #java #httponly #coockie #jax-rs

public static String getHttpOnlyCookieHeader(Cookie cookie) {

    NewCookie newCookie = new NewCookie(cookie.getName(), cookie.getValue(), 
            cookie.getPath(), cookie.getDomain(), cookie.getVersion(), 
            cookie.getComment(), cookie.getMaxAge(), cookie.getSecure());

    return newCookie + "; HttpOnly";
}

And the usage:

response.setHeader("SET-COOKIE", getHttpOnlyCookieHeader(myOriginalCookie));


a bit late but since 2.0, javax.ws.rs.core.NewCookie has a constructor with httpOnly, you do not need to append it to toString() : NewCookie nc = new NewCookie("name","value","path","domain","comment",3600,true, true);
content_copyCOPY

Esto sirve para responder una cookie del tipo httponly el cual se guarda en el cliente pero no puede ser accedido median js, solo lo envía el navegador en cada request. Esto es mas seguro que guardar la información en una cookie normal o en un localstorage

https://stackoverflow.com/questions/13147113/setting-an-httponly-cookie-with-javax-servlet-2-5