日韩性视频-久久久蜜桃-www中文字幕-在线中文字幕av-亚洲欧美一区二区三区四区-撸久久-香蕉视频一区-久久无码精品丰满人妻-国产高潮av-激情福利社-日韩av网址大全-国产精品久久999-日本五十路在线-性欧美在线-久久99精品波多结衣一区-男女午夜免费视频-黑人极品ⅴideos精品欧美棵-人人妻人人澡人人爽精品欧美一区-日韩一区在线看-欧美a级在线免费观看

歡迎訪問 生活随笔!

生活随笔

當前位置: 首頁 >

检测到会话cookie中缺少HttpOnly属性

發布時間:2024/9/27 29 豆豆
生活随笔 收集整理的這篇文章主要介紹了 检测到会话cookie中缺少HttpOnly属性 小編覺得挺不錯的,現在分享給大家,幫大家做個參考.

解決方案01:在會話cookie中添加HttpOnly屬性
具體操作步驟如下:

HttpServletResponse response2 = (HttpServletResponse)response; response2.setHeader( "Set-Cookie", "name=value; HttpOnly");


解決方案02(建議使用):在會話cookie中添加HttpOnly屬性
具體操作步驟如下:
在項目中,com.gblfy.util包下,新建CookieFilter類
見附件:

package com.sinosoft.fis.util;import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession;/*** 功能描述:* <p>* 1.Cookie 設置 httpOnly屬性 Cookie * 2.設置 httpOnly屬性防止js讀取cookie* </p>** @author gblfy*/ public class CookieHttpOnlyFilter implements Filter {public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)throws IOException, ServletException {if (!(request instanceof HttpServletRequest)) {chain.doFilter(request, response);return;}HttpServletRequest httpReq = (HttpServletRequest) request;HttpServletResponse httpResp = (HttpServletResponse) response;Cookie[] cookies = httpReq.getCookies();if (cookies != null) {Cookie cookie = cookies[0];if (cookie != null) {HttpSession session = httpReq.getSession();if (session != null) {String sessionId = session.getId();// http設置httpResp.addHeader("Set-Cookie", "JSESSIONID=" + sessionId + "; Path=/fis; HttpOnly");// https設置 // httpResp.addHeader("Set-Cookie", "JSESSIONID=" + sessionId // + "; Path=/admin;Secure; HttpOnly");}}}chain.doFilter(httpReq, httpResp);}public void destroy() {}public void init(FilterConfig filterConfig) throws ServletException {}}

在web.xml中添加攔截器

<filter><filter-name> CookieHttpOnly</filter-name><filter-class> com.sinosoft.fis.util. CookieHttpOnlyFilter</filter-class></filter><filter-mapping><filter-name> CookieHttpOnly</filter-name><url-pattern>/*</url-pattern></filter-mapping>

火狐測試結果:

谷歌測試結果:

漏洞2參考連接:
https://blog.51cto.com/10926470/1921232
https://blog.csdn.net/a19881029/article/details/27536917

總結

以上是生活随笔為你收集整理的检测到会话cookie中缺少HttpOnly属性的全部內容,希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯,歡迎將生活随笔推薦給好友。