我有一个基于Web的应用程序,可以在JBoss 4.2.1上运行。我想在 SET-COOKIE 响应标头下添加安全和仅限http 标记。我已经使用OWASP的ESAPI库在java中编写了一个过滤器来做到这一点。以下是相同的java代码。
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
chain.doFilter(request, response);
HttpServletRequest httpServletRequest = (HttpServletRequest) request;
HttpServletResponse httpServletResponse = (HttpServletResponse) response;
SecurityWrapperResponse securityWrapperResponse = new SecurityWrapperResponse(httpServletResponse);
Cookie[] cookies = httpServletRequest.getCookies();
if (cookies != null)
{
for (int i = 0; i < cookies.length; i++)
{
Cookie cookie = cookies[i];
if (cookie != null)
{
securityWrapperResponse.addCookie(cookie);
}
}
}
}
当我启动服务器并加载页面时,这些属性不会出现在响应标头下。但是一旦我刷新页面,我就能看到所有这些。当页面第一次加载时,停止在响应标题下填充这些标志会出现什么问题?
请在此提供您的意见......
由于