Reputation: 629
How do i disable HttpOnly cookies in Vaadin?
I have set the cookie in Vaadin and try to get it from another application which was running on the different server but I was not able to get that cookie what i have set in Vaadin?
We need to disable httpOnly cookie.
Can anyone help me "How to solve this issue?"
Upvotes: 1
Views: 3321
Answers (1)
Reputation:
The cookies set in header Set-Cookie. To get it you can use the following code:
URLConnection urlConnection = new URL("url-of-your-web-app-here").openConnection();
List<String> cookiesList = urlConnection.getHeaderFields().get("Set-Cookie");
You can delete flag manually, by deleting HttpOnly:
response.setHeader( "Set-Cookie", "name=value; HttpOnly");
If you’re working in a Servlet 3.0 or newer environment, configure your web.xml as following:
<session-config>
<cookie-config>
<http-only>false</http-only>
</cookie-config>
</session-config>
Note. The HttpOnly flag is an additional flag that is used to prevent an XSS(Cross-Site Scripting) exploit from gaining access to the session cookie.
See Also:
Upvotes: 1
Related Questions
- How to set httpOnly flag true for cookie in Java?
- Vaadin Flow 14 how to set HttpOnly cookie flag
- Vaadin "Cookies Disabled" Message in Chrome
- VaadinCDIServlet Cookies.get(request, Constans)
- Java HttpOnly Flag
- Vaadin 7 example showing "Cookies Disabled" message when deployed to tomcat 7
- Vaadin 7 : How to update Cookie value?
- How to set cookie in Vaadin and get it in front end?
- How to stop sending cookies to Server with each request
- Vaadin and Tomcat7 Problems log in