diff --git a/src/helma/framework/CookieTrans.java b/src/helma/framework/CookieTrans.java
index 6c4a3a41..f2f05afb 100644
--- a/src/helma/framework/CookieTrans.java
+++ b/src/helma/framework/CookieTrans.java
@@ -24,11 +24,13 @@ import javax.servlet.http.Cookie;
 * of an HTTP cookie.
 */
 public final class CookieTrans implements Serializable {
- String name;
- String value;
- String path;
- String domain;
- int days = -1;
+ private String name;
+ private String value;
+ private String path;
+ private String domain;
+ private boolean isHttpOnly = true;
+ private boolean isSecure = false;
+ private int days = -1;
 CookieTrans(String name, String value) {
 this.name = name;
@@ -51,9 +53,15 @@ public final class CookieTrans implements Serializable {
 this.domain = domain;
 }
+ void setHttpOnly(boolean isHttpOnly) {
+ this.isHttpOnly = isHttpOnly;
+ }
+
+ void setSecure(boolean isSecure) {
+ this.isSecure = isSecure;
+ }
+
 /**
- *
- *
 * @return ...
 */
 public String getName() {
@@ -61,8 +69,6 @@ public final class CookieTrans implements Serializable {
 }
 /**
- *
- *
 * @return ...
 */
 public String getValue() {
@@ -70,8 +76,6 @@ public final class CookieTrans implements Serializable {
 }
 /**
- *
- *
 * @return ...
 */
 public int getDays() {
@@ -79,8 +83,6 @@ public final class CookieTrans implements Serializable {
 }
 /**
- *
- *
 * @return ...
 */
 public String getPath() {
@@ -88,14 +90,26 @@ public final class CookieTrans implements Serializable {
 }
 /**
- *
- *
 * @return ...
 */
 public String getDomain() {
 return domain;
 }
+ /**
+ * @return ...
+ */
+ public boolean getHttpOnly() {
+ return isHttpOnly;
+ }
+
+ /**
+ * @return ...
+ */
+ public boolean getSecure() {
+ return isSecure;
+ }
+
 /**
 *
 *
@@ -126,6 +140,8 @@ public final class CookieTrans implements Serializable {
 } else if (defaultDomain != null) {
 c.setDomain(defaultDomain);
 }
+ c.setHttpOnly(isHttpOnly);
+ c.setSecure(isSecure);
 return c;
 }
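Review bot: `isSecure` defaults to `false` while `isHttpOnly` defaults to `true` in the first hunk, so a cookie built through the two-argument constructor can still travel over plain HTTP unless a caller opts in. A short comment on the field saying this is deliberate, for example `// off by default so cookies keep working on plain-HTTP deployments`, would stop it from being read as an oversight. Separately, the class is `Serializable` and this hunk changes its field set. If no `serialVersionUID` is declared (none is visible here), instances serialized by the previous build will likely fail to deserialize; if one is declared, they will come back with `isHttpOnly == false`, because field initializers do not run on deserialization. It is worth confirming which case applies wherever responses or sessions are persisted.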
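Review bot: The two getters added in the `@@ -88,14 +90,26 @@` hunk carry the placeholder Javadoc `@return ...`, which tells a reader nothing about the security flags they expose. I would write `@return true if the cookie is hidden from client-side scripts (HttpOnly)` on `getHttpOnly()` and `@return true if the cookie is sent only over secure connections` on `getSecure()`. The package-private setters added in the `@@ -51,9 +53,15 @@` hunk have no Javadoc at all; a single line on each naming the attribute it controls would be enough.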
diff --git a/src/helma/framework/ResponseBean.java b/src/helma/framework/ResponseBean.java
index 47e3b751..460053fd 100644
--- a/src/helma/framework/ResponseBean.java
+++ b/src/helma/framework/ResponseBean.java
@@ -141,7 +141,7 @@ public class ResponseBean implements Serializable {
 * @param value the cookie value
 */
 public void setCookie(String key, String value) {
- res.setCookie(key, value, -1, null, null);
+ res.setCookie(key, value, -1, null, null, true, false);
 }
 /**
@@ -154,7 +154,7 @@ public class ResponseBean implements Serializable {
 * @param days number of days the cookie should be stored
 */
 public void setCookie(String key, String value, int days) {
- res.setCookie(key, value, days, null, null);
+ res.setCookie(key, value, days, null, null, true, false);
 }
 /**
@@ -169,7 +169,7 @@ public class ResponseBean implements Serializable {
 * @param path the URL path to apply the cookie to
 */
 public void setCookie(String key, String value, int days, String path) {
- res.setCookie(key, value, days, path, null);
+ res.setCookie(key, value, days, path, null, true, false);
 }
 /**
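Review bot: The literals `true, false` now passed by `setCookie(String, String)` change behavior for existing callers, and the Javadoc does not say so. Cookies set through this overload become HttpOnly, so a client-side script that reads them through `document.cookie` will stop seeing them, and they are never marked Secure. The same literals appear in the `(key, value, days)` and `(key, value, days, path)` overloads in the next two hunks and in `unsetCookie` further down. I would add one sentence to each Javadoc, e.g. `The cookie is marked HttpOnly and is not restricted to secure connections; use the seven-argument form to change either flag.` Without that, an application served only over HTTPS has to find out on its own that every call must move to the longest overload to get Secure cookies.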
@@ -183,11 +183,46 @@ public class ResponseBean implements Serializable {
 * @param days number of days the cookie should be stored
 * @param path the URL path to apply the cookie to
 * @param domain domain
+ * @param isHttpOnly marks the cookie as HttpOnly
 */
- public void setCookie(String key, String value, int days, String path, String domain) {
- res.setCookie(key, value, days, path, domain);
+ public void setCookie(String key, String value, int days, String path, String domain, boolean isHttpOnly) {
+ res.setCookie(key, value, days, path, domain, isHttpOnly, false);
 }
+ /**
+ * Set a HTTP cookie with the name and value that is only applied to
+ * the URLs matching the given path and is stored by the
+ * HTTP client for the given number of days. A days value of 0 means the
+ * cookie should be immediately discarded.
+ *
+ * @param key the cookie name
+ * @param value the cookie value
+ * @param days number of days the cookie should be stored
+ * @param path the URL path to apply the cookie to
+ * @param domain domain
+ * @param isHttpOnly marks the cookie as HttpOnly
+ * @param isSecure limits the cookie to secure protocols
+ */
+ public void setCookie(String key, String value, int days, String path, String domain, boolean isHttpOnly, boolean isSecure) {
+ res.setCookie(key, value, days, path, domain, isHttpOnly, isSecure);
+ }
+
+ /**
+ * Set a HTTP cookie with the name and value that is only applied to
+ * the URLs matching the given path and is stored by the
+ * HTTP client for the given number of days. A days value of 0 means the
+ * cookie should be immediately discarded.
+ *
+ * @param key the cookie name
+ * @param value the cookie value
+ * @param days number of days the cookie should be stored
+ * @param path the URL path to apply the cookie to
+ * @param domain domain
+ */
+ public void setCookie(String key, String value, int days, String path, String domain) {
+ res.setCookie(key, value, days, path, domain, true, false);
+ }
+
 /**
 * Unset a previously set HTTP cookie, causing it to be discarded immedialtely by the
 * HTTP client.
@@ -195,7 +230,7 @@ public class ResponseBean implements Serializable {
 * @param key the name of the cookie to be discarded
 */
 public void unsetCookie(String key) {
- res.setCookie(key, "", 0, null, null);
+ res.setCookie(key, "", 0, null, null, true, false);
 }
 /**
diff --git a/src/helma/framework/ResponseTrans.java b/src/helma/framework/ResponseTrans.java
index 46a0a2fa..e4a1157a 100644
--- a/src/helma/framework/ResponseTrans.java
+++ b/src/helma/framework/ResponseTrans.java
@@ -975,8 +975,10 @@ public final class ResponseTrans extends Writer implements Serializable {
 * @param days the cookie's lifespan in days
 * @param path the URL path to apply the cookie to
 * @param domain the domain to apply the cookie to
+ * @param isHttpOnly marks the cookie as HttpOnly
+ * @param isSecure limits the cookie for use with secure protocols
 */
- public void setCookie(String key, String value, int days, String path, String domain) {
+ public void setCookie(String key, String value, int days, String path, String domain, boolean isHttpOnly, boolean isSecure) {
 CookieTrans c = null;
 if (cookies == null) {
@@ -1000,6 +1002,8 @@ public final class ResponseTrans extends Writer implements Serializable {
 c.setDays(days);
 c.setPath(path);
 c.setDomain(domain);
+ c.setHttpOnly(isHttpOnly);
+ c.setSecure(isSecure);
 }
 /**
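Review bot: The new six-argument `setCookie` in the `@@ -183,11 +183,46 @@` hunk lets a caller switch HttpOnly off but still hard-codes `false` for Secure, so the weaker setting is easier to reach than the stronger one. In the seven-argument form the two adjacent booleans are also easy to transpose at a call site. The Javadoc should say which value is the protective one, e.g. `@param isHttpOnly true to hide the cookie from client-side scripts (recommended)` and `@param isSecure true to send the cookie only over HTTPS`. The summary paragraph copied onto both new overloads mentions neither flag. The five-argument overload only shows as removed and re-added because it moved; its Javadoc likewise does not say that it now sets HttpOnly.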
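Review bot: Changing the public `ResponseTrans.setCookie` from five to seven parameters in the `@@ -975,8 +975,10 @@` hunk removes the old signature outright. Any caller outside the files in this diff would stop compiling, or fail at runtime if it reaches the method reflectively or from script code; whether such callers exist is not visible here. Keeping a delegating overload avoids that: `public void setCookie(String key, String value, int days, String path, String domain) { setCookie(key, value, days, path, domain, true, false); }`. The method body starts in this hunk and ends in the next one, and the lines between them are not shown.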