
fix #2156 add httpOnly

Shinsuke Sugaya 6 vuotta sitten
vanhempi
commit
d1bd33d46d
1 muutettua tiedostoa jossa 7 lisäystä ja 0 poistoa
  1. 7 0
      src/main/java/org/codelibs/fess/helper/UserInfoHelper.java

+ 7 - 0
src/main/java/org/codelibs/fess/helper/UserInfoHelper.java

@@ -50,6 +50,8 @@ public class UserInfoHelper {
 
     protected Boolean cookieSecure;
 
+    protected boolean httpOnly = true;
+
     public String getUserCode() {
         final HttpServletRequest request = LaRequestUtil.getRequest();
 
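Review bot: The new field is named `httpOnly`, while the other cookie settings visible in this class carry a `cookie` prefix (`cookieSecure` just above, `cookieName` and `cookieDomain` in updateCookie) and the setter added at the end of the file is `setCookieHttpOnly`. Declaring it as `protected boolean cookieHttpOnly = true;` would keep field and setter aligned, which matters if the property is ever resolved by field name; the use in updateCookie and the setter body would change with it. A one-line comment such as `// on by default so page scripts cannot read the user-code cookie` would record why the default is `true`. The class body continues outside this hunk.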
@@ -140,6 +142,7 @@ public class UserInfoHelper {
     protected void updateCookie(final String userCode, final int age) {
         final Cookie cookie = new Cookie(cookieName, userCode);
         cookie.setMaxAge(age);
+        cookie.setHttpOnly(httpOnly);
         if (StringUtil.isNotBlank(cookieDomain)) {
             cookie.setDomain(cookieDomain);
         }
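Review bot: HttpOnly only keeps page scripts from reading the cookie, and nothing in the visible lines of updateCookie sets the Secure attribute, while `cookieSecure` is a nullable `Boolean`. The method continues outside this hunk, so this may already be handled. If `setSecure` is skipped when that field is null, though, the user code still travels over plain HTTP. It is worth confirming, and noting next to the new line, e.g. `// HttpOnly blocks script access only; transport protection depends on cookieSecure`.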
@@ -229,4 +232,8 @@ public class UserInfoHelper {
     public void setCookieSecure(final Boolean cookieSecure) {
         this.cookieSecure = cookieSecure;
     }
+
+    public void setCookieHttpOnly(boolean httpOnly) {
+        this.httpOnly = httpOnly;
+    }
 }
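Review bot: `setCookieHttpOnly` lets configuration switch the protection off, and nothing documents what that costs. A Javadoc sentence on the setter should state that `false` makes the user-code cookie readable by page scripts and that the default is `true`. The parameter should also be `final`, matching `setCookieSecure` directly above: `public void setCookieHttpOnly(final boolean httpOnly) {`.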