2
我已发现此解决方案上索夫link 但我不得不它有两个原因改变:如何在Tomcat 6设置的HttpOnly标志在JSF 2.0应用
- 没有.getFacesContext() 函数
- 我没有特定的Cookie文件 (见行 ourcookiename = yourcookievalue)
我的代码看起来是这样的:
FacesContext facesContext = FacesContext.getCurrentInstance();
HttpServletResponse response = (HttpServletResponse) facesContext.getExternalContext().getResponse();
response.addHeader("Set-Cookie", "; HTTPOnly");
原代码
FacesContext facesContext = FacesContext.getCurrentInstance().getFacesContext();
HttpServletResponse response = (HttpServletResponse) facesContext.getExternalContext().getResponse();
response.addHeader("Set-Cookie", "yourcookiename=yourcookievalue; HTTPOnly");
请纠正我,如果我错了。谢谢你在前进
谢谢。我希望这将有助于防止XSS攻击 – Szajba