import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class HttpsCookieFilter implements Filter {
@Override
public void destroy() {
}
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
final HttpServletRequest httpRequest = (HttpServletRequest) request;
final HttpServletResponse httpResponse = (HttpServletResponse) response;
final HttpSession session = httpRequest.getSession(false);
// servlet3
if (session != null) {
System.out.println("HttpsCookieFilter set session cookie:"
+ session.getId());
final Cookie cookie = new Cookie("JSESSIONID",
session.getId());
cookie.setMaxAge(-1);//no store
cookie.setSecure(false);
cookie.setPath(httpRequest.getContextPath());
cookie.setHttpOnly(true);
httpResponse.addCookie(cookie);
}
//servlet2
//httpResponse.addHeader(
// "Set-Cookie",
// "JSESSIONID=" + session.getId() + "; Path="
// + httpRequest.getContextPath() + "; HttpOnly");
chain.doFilter(request, response);
}
@Override
public void init(FilterConfig arg0) throws ServletException {
}
}