Is the servlet cookie set safe?

Question

Is the servlet cookie set safe?

javax.servlet.http.Cookie implements java.lang.Cloneable

There is a setSecure call method in the Cookie method, what is it used for? if I setSecure (true), is there anything I need to do on my client side (javascript) to read the cookie? what else is set / without setSecure?

+6

java session-cookies servlets

cometta Jan 2 '10 at 13:14

source share

2 answers

This ensures that your cookie session is not visible to the attacker like a man-in-the-middle attack. Instead of installing it manually , you can alternatively configure your web.xml to process it automatically for you.

 <session-config> <cookie-config> <secure>true</secure> </cookie-config> </session-config>

0

Al-kathiri khalid Nov 30 '16 at 15:15

source share

Tj crowder · Accepted Answer · 2011-01-02T13:19:34+0000

All that setSecure(true) tells the browser that a cookie should be sent back to the server only when using a "secure" protocol like https . Your JavaScript code should not do anything else.

Is the servlet cookie set safe?

More articles: