How to add isHttpOnly and secure as true in cookie?

Question

This piece of code I wrote to fulfill the purpose but its is not working it seems. Can you please help , something is wrong or missed here ?

   HttpSession session = req.getSession(true);
    final Cookie cookie = new Cookie("CPSESSIONID", session.getId());
    //cookie.setPath("/");
    cookie.setPath(";Path=/;HttpOnly;");
    cookie.setSecure(true);
    res.addCookie(cookie);

Please share your opinion for above concerns raised ? – Ritika May 14 '20 at 03:29 — Ritika, May 14 '20 at 03:29

score 0 · Answer 1 · answered May 13 '20 at 08:28

0

You can use cookie.setHttpOnly(true); to consider as HtttpOnly. It controls if this cookie will be hidden from scripts on the client-side.

answered May 13 '20 at 08:28

vivek_vara

51
3

we don't have setHttpOnly() method in servlet 2.5 version so tried above way by setting path even secure also it is not working. https://stackoverflow.com/questions/13147113/setting-an-httponly-cookie-with-javax-servlet-2-5 – Ritika May 13 '20 at 09:04
You mean below snippet is also not working? response.setHeader("SET-COOKIE", "CPSESSIONID=" + sessionid + "; HttpOnly"); – vivek_vara May 19 '20 at 16:49

How to add isHttpOnly and secure as true in cookie?

1 Answers1