
fix #2156 add httpOnly

Shinsuke Sugaya 6 年之前
父節點
當前提交
d1bd33d46d
共有 1 個文件被更改,包括 7 次插入0 次删除
  1. 7 0
      src/main/java/org/codelibs/fess/helper/UserInfoHelper.java

+ 7 - 0
src/main/java/org/codelibs/fess/helper/UserInfoHelper.java

@@ -50,6 +50,8 @@ public class UserInfoHelper {
 
     protected Boolean cookieSecure;
 
+    protected boolean httpOnly = true;
+
     public String getUserCode() {
         final HttpServletRequest request = LaRequestUtil.getRequest();
 
@@ -140,6 +142,7 @@ public class UserInfoHelper {
     protected void updateCookie(final String userCode, final int age) {
         final Cookie cookie = new Cookie(cookieName, userCode);
         cookie.setMaxAge(age);
+        cookie.setHttpOnly(httpOnly);
         if (StringUtil.isNotBlank(cookieDomain)) {
             cookie.setDomain(cookieDomain);
         }
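Review bot: The cookie built in updateCookie now gets HttpOnly by default, but its `Secure` attribute still appears to be opt-in, so the user code may still travel over plain HTTP. `cookieSecure` is declared in the first hunk as a `Boolean` with no initial value, so presumably `Secure` is applied only when it is configured; the code that handles it is outside this hunk, so confirm against the rest of the method. If that is the case, a comment beside the new call would help operators, for example `// HttpOnly only blocks script access; set cookieSecure when serving over HTTPS`.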
@@ -229,4 +232,8 @@ public class UserInfoHelper {
     public void setCookieSecure(final Boolean cookieSecure) {
         this.cookieSecure = cookieSecure;
     }
+
+    public void setCookieHttpOnly(boolean httpOnly) {
+        this.httpOnly = httpOnly;
+    }
 }
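Review bot: The new setter is named `setCookieHttpOnly` but the field it writes is `httpOnly`, whereas the neighbouring pair is `cookieSecure`/`setCookieSecure`. Renaming the field to `cookieHttpOnly` (in the first hunk and where updateCookie uses it) would keep the property name and the field aligned. The parameter also lacks the `final` that `setCookieSecure(final Boolean cookieSecure)` uses just above; the signature could read `public void setCookieHttpOnly(final boolean cookieHttpOnly) {`. A short Javadoc on the setter should say that the default is `true` and that turning it off makes the user-code cookie readable from page scripts.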