Handle Secure Cookie with HttpURLConnection and Domain
I need to exchange a cookie with the Secure, HttpOnly and Domain flags with my backend server.
Here is the code I'm using for the client:
```java
import java.net.CookieHandler;
import java.net.CookieManager;
import java.net.HttpCookie;
import java.net.HttpURLConnection;
import java.net.URI;

// Pre-load the session cookie into the JVM-wide cookie handler.
CookieManager cookieManager = new CookieManager();
HttpCookie cookie = new HttpCookie("SESSION", session);
cookie.setDomain("example.com");
cookie.setPath("/");
cookie.setSecure(true);
cookie.setHttpOnly(true);
cookie.setMaxAge(1000);
cookieManager.getCookieStore().add(new URI("https://example.com"), cookie);
CookieHandler.setDefault(cookieManager);
// ....
HttpURLConnection con = (HttpURLConnection) url.openConnection();
```
And on the servlet side I'm using:
```java
Cookie[] cookie = request.getCookies();
// getCookies() returns null when the request carries no cookies.
if (cookie != null) {
    for (int i = 0; i < cookie.length; i++) {
        log.debug("Cookie: " + cookie[i].getName() + " " + cookie[i].getValue());
        if (cookie[i].getName().equals("SESSION")) {
            log.debug("Received session: " + cookie[i].getValue());
            log.debug("is secured ?: " + cookie[i].getSecure());
            log.debug("Max age: " + cookie[i].getMaxAge());
            log.debug("Domain: " + cookie[i].getDomain());
            tokenUser = cookie[i].getValue();
        }
    }
}
```
I can retrieve the SESSION cookie, but the Secure, HttpOnly or Domain flags are not set (in fact I only get the value of the token).
How can I ensure that the cookies received on the server side are set correctly? Maybe I'm missing something?
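An added illustration, not part of the original question: a request `Cookie` header carries only name/value pairs, while `Secure`, `HttpOnly` and `Max-Age` are `Set-Cookie` attributes that the client keeps and uses to decide when to send the cookie. The class name, helper methods and token value below are constructed for this example.

```java
import java.net.CookieManager;
import java.net.HttpCookie;
import java.net.URI;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

public class CookieHeaderDemo {

    // Builds the same cookie as the client code above; the token is a constructed value.
    static CookieManager newManager() throws Exception {
        CookieManager manager = new CookieManager();
        HttpCookie cookie = new HttpCookie("SESSION", "constructed-token-123");
        cookie.setDomain("example.com");
        cookie.setPath("/");
        cookie.setSecure(true);
        cookie.setHttpOnly(true);
        cookie.setMaxAge(1000);
        // Version 0 gives the plain name=value form. The constructor default (1)
        // makes java.net add RFC 2965 $Version/$Path/$Domain, but never Secure,
        // HttpOnly or Max-Age.
        cookie.setVersion(0);
        manager.getCookieStore().add(new URI("https://example.com"), cookie);
        return manager;
    }

    // Returns the Cookie request header values the manager would attach for this URI.
    static List<String> cookieHeaderFor(CookieManager manager, String uri) throws Exception {
        Map<String, List<String>> headers = manager.get(URI.create(uri), new HashMap<>());
        return headers.getOrDefault("Cookie", List.of());
    }

    public static void main(String[] args) throws Exception {
        CookieManager manager = newManager();
        // The attributes stay in the client-side store and gate when the cookie is sent.
        for (HttpCookie c : manager.getCookieStore().getCookies()) {
            System.out.println("stored: " + c.getName() + " secure=" + c.getSecure()
                    + " httpOnly=" + c.isHttpOnly() + " domain=" + c.getDomain());
        }
        // Matching HTTPS request: the header holds only the name/value pair.
        System.out.println("https://example.com/app -> " + cookieHeaderFor(manager, "https://example.com/app"));
        // Plain HTTP or a different host: the Secure flag and Domain keep the cookie back.
        System.out.println("http://example.com/app  -> " + cookieHeaderFor(manager, "http://example.com/app"));
        System.out.println("https://other.example.org/ -> " + cookieHeaderFor(manager, "https://other.example.org/"));
    }
}
```

On the server, these flags are therefore verified on the `Set-Cookie` response header the application emits, not on the objects returned by `request.getCookies()`.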
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
