I developed a web UI to configure a device. To secure this UI so that it meets the OWASP Top 10 and to fix the bugs reported by the Acunetix application, some improvements must be made to it. One of them is setting HttpOnly for cookies.
How can I change/set the default cookie attributes in Java Spark?

M-Razavi
1 Answer
Please try this:
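    // Set the HttpOnly attribute on all cookies received with the request
    // (runs inside a Spark route or filter, where request and response exist)
    java.util.Map<String, String> cookies = request.cookies();
    for (String key : cookies.keySet()) {
        if (key != null) {
            response.removeCookie(key);
            // arguments: path, name, value, maxAge (seconds), secured, httpOnly
            response.cookie("/", key, cookies.get(key), 200, false, true);
        }
    }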
Note that it is not possible to change the settings of Jetty through Spark. Adding such a feature to Spark would considerably facilitate the process of changing cookie-related settings.

Mohammad Hadi
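Another way to enforce the flag, as an added example that is not part of the original answer: a Spark `after` filter that appends `HttpOnly` to every `Set-Cookie` header the response is about to send, so cookies set by any route are covered. It assumes Spark 2.x on the `javax.servlet` API; the class name, the `/login` route and the cookie name and value are hypothetical.

```java
import static spark.Spark.after;
import static spark.Spark.get;

import java.util.ArrayList;
import java.util.List;
import javax.servlet.http.HttpServletResponse;

public class HttpOnlyCookieFilter {

    // Append HttpOnly to one Set-Cookie header value unless it is already present.
    static String ensureHttpOnly(String setCookie) {
        for (String attr : setCookie.split(";")) {
            if (attr.trim().equalsIgnoreCase("HttpOnly")) {
                return setCookie;
            }
        }
        return setCookie + "; HttpOnly";
    }

    public static void main(String[] args) {
        // Hypothetical demo route: sets a cookie without the HttpOnly flag.
        get("/login", (request, response) -> {
            response.cookie("sid", "constructed-sample-value");
            return "ok";
        });

        // Runs after every route, before the response body is written.
        after((request, response) -> {
            HttpServletResponse raw = response.raw();
            List<String> fixed = new ArrayList<>();
            for (String header : raw.getHeaders("Set-Cookie")) {
                fixed.add(ensureHttpOnly(header));
            }
            // setHeader replaces all existing Set-Cookie values,
            // addHeader then restores the remaining ones.
            for (int i = 0; i < fixed.size(); i++) {
                if (i == 0) {
                    raw.setHeader("Set-Cookie", fixed.get(i));
                } else {
                    raw.addHeader("Set-Cookie", fixed.get(i));
                }
            }
        });
    }
}
```

With the filter registered, the `Set-Cookie` header in the response to `/login` should end in `; HttpOnly`, which can be checked in the browser's network tab or by re-running the scanner.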