增加Cookie安全性,支持设置Cookie的HttpOnly和Secure属性

2026-02-27 16:50:24 +08:00 · 2021-09-27 01:09:30 +08:00
parent 4fb1ea96fb
commit 7acf5e9790
6 changed files with 70 additions and 25 deletions
--- a/sa-token-starter/sa-token-servlet/src/main/java/cn/dev33/satoken/servlet/model/SaResponseForServlet.java
+++ b/sa-token-starter/sa-token-servlet/src/main/java/cn/dev33/satoken/servlet/model/SaResponseForServlet.java
@@ -42,14 +42,14 @@ public class SaResponseForServlet implements SaResponse {
 	 */
 	@Override
 	public void deleteCookie(String name) {
-		addCookie(name, null, null, null, 0);
+		addCookie(name, null, null, null, 0, false, false);
 	}

 	/**
-	 * 写入指定Cookie 
+	 * 写入指定Cookie
 	 */
 	@Override
-	public void addCookie(String name, String value, String path, String domain, int timeout) {
+	public void addCookie(String name, String value, String path, String domain, int timeout, boolean isHttpOnly, boolean isSecure) {
 		Cookie cookie = new Cookie(name, value);
 		if(SaFoxUtil.isEmpty(path) == true) {
 			path = "/";
@@ -59,6 +59,8 @@ public class SaResponseForServlet implements SaResponse {
 		}
 		cookie.setPath(path);
 		cookie.setMaxAge(timeout);
+		cookie.setHttpOnly(isHttpOnly);
+		cookie.setSecure(isSecure);
 		response.addCookie(cookie);
 	}