add: support for httponly and secure cookies

2016-12-09 23:49:23 +01:00 · 2016-12-09 23:49:23 +01:00 · c468e8e865
commit c468e8e865
parent 2a41085419
3 changed files with 31 additions and 2 deletions
--- a/src/helma/framework/CookieTrans.java
+++ b/src/helma/framework/CookieTrans.java
@ -29,6 +29,8 @@ public final class CookieTrans implements Serializable {
    String path;
    String domain;
    int days = -1;
+    boolean secure;
+    boolean httpOnly;

    CookieTrans(String name, String value) {
        this.name = name;
@ -96,6 +98,22 @@ public final class CookieTrans implements Serializable {
        return domain;
    }

+    public boolean isSecure() {
+        return secure;
+    }
+
+    void isSecure(boolean secure) {
+        this.secure = secure;
+    }
+
+    public boolean isHttpOnly() {
+        return httpOnly;
+    }
+
+    void isHttpOnly(boolean httpOnly) {
+        this.httpOnly = httpOnly;
+    }
+
    /**
     *
     *
@ -127,6 +145,9 @@ public final class CookieTrans implements Serializable {
            c.setDomain(defaultDomain);
        }

+        c.setHttpOnly(httpOnly);
+        c.setSecure(secure);
+
        return c;
    }
 }
--- a/src/helma/framework/ResponseTrans.java
+++ b/src/helma/framework/ResponseTrans.java
@ -999,6 +999,14 @@ public final class ResponseTrans extends Writer implements Serializable {
        c.setDays(days);
        c.setPath(path);
        c.setDomain(domain);
+
+        if (!"false".equalsIgnoreCase(app.getProperty("cookies.httpOnly"))) {
+            c.isHttpOnly(true);
+        }
+
+        if ("true".equalsIgnoreCase(app.getProperty("cookies.secure"))) {
+            c.isSecure(true);
+        }
    }

    /**
--- a/src/helma/servlet/AbstractServletClient.java
+++ b/src/helma/servlet/AbstractServletClient.java
@ -589,10 +589,10 @@ public abstract class AbstractServletClient extends HttpServlet {
            // lowercase domain for IE
            buffer.append("; Domain=").append(domain.toLowerCase());
        }
-        if (!"false".equalsIgnoreCase(app.getProperty("httpOnlySessionCookie"))) {
+        if (!"false".equalsIgnoreCase(app.getProperty("cookies.httpOnly"))) {
            buffer.append("; HttpOnly");
        }
-        if ("true".equalsIgnoreCase(app.getProperty("secureSessionCookie"))) {
+        if ("true".equalsIgnoreCase(app.getProperty("cookies.secure"))) {
            buffer.append("; Secure");
        }
        response.addHeader("Set-Cookie", buffer.toString());