I know we can do something like this:
<session-config>
<cookie-config>
<secure>true</secure>
</cookie-config>
</session-config>
But what I want to achieve is to set this flag (true or false) based on some config.
Should we use a filter and how ?
Thanks
Assuming that you are in a servlet 3.0+ environment, and you don't want to use web.xml to specify the cookie-secure-flag but set it programmatically:
Implement a ServletContextListener and register it in the web.xml or via annotation.
In its contextInitialized method evaluate your secure flag from your config and set it on the SessionCookieConfig:
public void contextInitialized(ServletContextEvent sce) {
boolean secure = ...
sce.getServletContext().getSessionCookieConfig().setSecure(secure);
}
来源:https://stackoverflow.com/questions/35163824/how-to-set-secure-flag-on-cookie-programatically