日韩av黄I国产麻豆传媒I国产91av视频在线观看I日韩一区二区三区在线看I美女国产在线I麻豆视频国产在线观看I成人黄色短片

歡迎訪問 生活随笔!

生活随笔

當前位置: 首頁 >

检测到会话cookie中缺少HttpOnly属性

發布時間:2024/9/27 39 豆豆
生活随笔 收集整理的這篇文章主要介紹了 检测到会话cookie中缺少HttpOnly属性 小編覺得挺不錯的,現在分享給大家,幫大家做個參考.

解決方案01:在會話cookie中添加HttpOnly屬性
具體操作步驟如下:

HttpServletResponse response2 = (HttpServletResponse)response; response2.setHeader( "Set-Cookie", "name=value; HttpOnly");


解決方案02(建議使用):在會話cookie中添加HttpOnly屬性
具體操作步驟如下:
在項目中,com.gblfy.util包下,新建CookieFilter類
見附件:

package com.sinosoft.fis.util;import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession;/*** 功能描述:* <p>* 1.Cookie 設置 httpOnly屬性 Cookie * 2.設置 httpOnly屬性防止js讀取cookie* </p>** @author gblfy*/ public class CookieHttpOnlyFilter implements Filter {public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)throws IOException, ServletException {if (!(request instanceof HttpServletRequest)) {chain.doFilter(request, response);return;}HttpServletRequest httpReq = (HttpServletRequest) request;HttpServletResponse httpResp = (HttpServletResponse) response;Cookie[] cookies = httpReq.getCookies();if (cookies != null) {Cookie cookie = cookies[0];if (cookie != null) {HttpSession session = httpReq.getSession();if (session != null) {String sessionId = session.getId();// http設置httpResp.addHeader("Set-Cookie", "JSESSIONID=" + sessionId + "; Path=/fis; HttpOnly");// https設置 // httpResp.addHeader("Set-Cookie", "JSESSIONID=" + sessionId // + "; Path=/admin;Secure; HttpOnly");}}}chain.doFilter(httpReq, httpResp);}public void destroy() {}public void init(FilterConfig filterConfig) throws ServletException {}}

在web.xml中添加攔截器

<filter><filter-name> CookieHttpOnly</filter-name><filter-class> com.sinosoft.fis.util. CookieHttpOnlyFilter</filter-class></filter><filter-mapping><filter-name> CookieHttpOnly</filter-name><url-pattern>/*</url-pattern></filter-mapping>

火狐測試結果:

谷歌測試結果:

漏洞2參考連接:
https://blog.51cto.com/10926470/1921232
https://blog.csdn.net/a19881029/article/details/27536917

總結

以上是生活随笔為你收集整理的检测到会话cookie中缺少HttpOnly属性的全部內容,希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯,歡迎將生活随笔推薦給好友。