Databases
StackOverflow2013
Postsdbo
PO
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. PO
    text
    copied!<p>It is possible by adding a filter into the filter chain that changes your cookie</p> <p>In your config file create the filter and add it into the filter chain as follows:</p> <pre><code>&lt;bean name="httpsCookieFilter" class="bla.bla.bla.HttpsCookieFilter"/&gt; &lt;security:http auto-config="false" entry-point-ref="authenticationEntryPoint"&gt; ... &lt;security:custom-filter position="FIRST" ref="httpsCookieFilter" /&gt; ... &lt;/security:http&gt; </code></pre> <p>And your Filter code looks something like this</p> <pre><code>import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; /** * Sessions created under HTTPS, for which the session cookie is marked as “secure”, cannot subsequently be used under * HTTP. The browser will not send the cookie back to the server and any session state will be lost (including the * security context information) * * Tomcat tracks user sessions with the help of the JSESSIONID cookie. If you enter into HTTPS with Tomcat, the cookie * will come back with the secure property being set to true. Subsequently when the redirection to http occurs, the * browser will not transmit the JSESSIONID cookie and you'll get a new session. * * This filter overrides the default Tomcat JSESSIONID behaviour */ public class HttpsCookieFilter implements Filter { @Override public void init(FilterConfig arg0) throws ServletException { } @Override public void destroy() { } @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { final HttpServletRequest httpRequest = (HttpServletRequest) request; final HttpServletResponse httpResponse = (HttpServletResponse) response; final HttpSession session = httpRequest.getSession(false); if (session != null) { final Cookie sessionCookie = new Cookie("JSESSIONID", session.getId()); sessionCookie.setMaxAge(-1); sessionCookie.setSecure(false); sessionCookie.setPath(httpRequest.getContextPath()); httpResponse.addCookie(sessionCookie); } chain.doFilter(request, response); } } </code></pre>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload