我做了一个监听器,它根据set secure flag on cookie programatically在cookie上设置了安全标记 我想像secure flag on session cookies in a java中一样自动启用或禁用此标志 如何从ServletContextEvent获取请求?还有其他方法吗?
public class SecureCookieServletContextListener implements ServletContextListener {
private static final String LB_HTTPS_HEADER = "Front-End-Https";
@Override public void contextInitialized(final ServletContextEvent sce) {
final String httpsHeader = request.getHeader(LB_HTTPS_HEADER);
boolean secure = httpsHeader != null && httpsHeader.equalsIgnoreCase("on");
sce.getServletContext().getSessionCookieConfig().setSecure(secure);
}
}