SameSite cookie in Java application

后端未结

关注

 9  2017

没有蜡笔的小新 2020-12-24 01:08

Do you know any Java cookie implementation which allows to set a custom flag for cookie, like SameSite=strict? It seems that javax.servlet.http.Cookie has a str

9条回答

旧巷少年郎 (楼主)

2020-12-24 01:16
Jetty server version 9.4.26.v20200117 allows for setting the SameSite attribute on the cookie. I had to do some digging around but this works.
```
import static org.eclipse.jetty.http.HttpCookie.SAME_SITE_STRICT_COMMENT;

...

Cookie cookie = new Cookie("my-cookie", "some-value");
cookie.setMaxAge(120); // age in seconds
cookie.setSecure(true);
cookie.setHttpOnly(true);
cookie.setComment(SAME_SITE_STRICT_COMMENT);

response.addCookie(cookie);
```
The addCookie() method on jetty servers's Response object does a check on the comment to add the SameSite attribute.
0 讨论(0)

查看其它9个回答
发布评论:

提交评论
- 加载中...