To set http-only I used this in web.xml:
<session-config>
    <cookie-config>
        <http-only>true</http-only>
    </cookie-config>
</session-config>
but it is not setting http-only.
Can anyone suggest what may be the problem, and how to set it?
Thanks.
Which container are you using and in which version?
Pay attention, since <http-only>true</http-only> can be used in web.xml only since Servlet 3.0.
Related
Currently I have added this in my web.xml:
<session-config>
    <session-timeout>1</session-timeout>
</session-config>
But after one minute the session is not getting expired.
I don't know what's wrong. Can anyone let me know what I'm doing wrong?
In Grails 2.x you can change the name of the session cookie in the web.xml with
<session-config>
    <cookie-config>
        <name>JSESSIONID_XYZ</name>
    </cookie-config>
</session-config>
In Grails 3.0 there is by default no web.xml (but can be created manually). Is there any other way to change the name of the session cookie?
Update: I tried to create a web.xml but it didn't work
ServletContextInitializer can be used to register a bean, in which you can configure the cookie name with
@Override
void onStartup(ServletContext servletContext) throws ServletException {
    // Rename the session cookie through the Servlet 3.0 SessionCookieConfig API
    servletContext.getSessionCookieConfig().setName(sessionCookieName);
}
I preferred this solution because it also works during development with run-app, which is actually what I need.
It works when deployed as a war, but not with run-app. Add this to src/main/webapp/WEB-INF/web.xml:
<?xml version='1.0' encoding='UTF-8'?>
<web-app version='3.0'
         xmlns='http://java.sun.com/xml/ns/javaee'
         xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
         xsi:schemaLocation='http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd'>
    <session-config>
        <cookie-config>
            <name>JSESSIONID_XYZ</name>
        </cookie-config>
    </session-config>
</web-app>
and deploy the war to Tomcat or another container and it will use the config settings from web.xml along with the programmatic servlet/filter/etc. registrations.
I have the following configuration in web.xml in Tomcat 7. I am wondering if I can add any configurable parameter here, so that if the user tries to do any operation post 30 minutes, I redirect the user to our home page.
<session-config>
    <session-timeout>30</session-timeout>
    <cookie-config>
        <domain>mydomain.mycompany.com</domain>
        <http-only>true</http-only>
        <secure>false</secure>
    </cookie-config>
    <tracking-mode>COOKIE</tracking-mode>
</session-config>
This is probably not possible by configuration only. You will have to add a filter as well. One way of doing that is described here: https://stackoverflow.com/a/1027592/3417638
If you would like to configure the redirect in web.xml, this can be done by using a context-parameter, see: https://tomcat.apache.org/tomcat-7.0-doc/config/context.html#Context_Parameters
I'm developing a J2EE app using Spring (MVC, Security, etc.) and I have a problem with the mappings. I would like to redirect people who type "..../myapp" to a welcome JSP, specifically to "/myapp/welcome.html".
Previously my servlet-mapping had this config:
<servlet-mapping>
    <servlet-name>MyApp</servlet-name>
    <url-pattern>*.html</url-pattern>
</servlet-mapping>
But I changed it in order to catch the "/myapp" request. The new one that I wrote is the following:
<servlet-mapping>
    <servlet-name>ThreddsAdminPanel</servlet-name>
    <url-pattern>/*</url-pattern>
</servlet-mapping>
It works as expected, but when I try to access a page which needs a CSS, this error appears:
"No mapping found for HTTP request with URI"
I think that if my url-pattern is /*, the servlet is catching something that doesn't belong to it, although I don't know how to do it. Does anybody know a good way to do this?
Thank you
See this: Pretty URL Mapping with Spring 3.0
Basically, change your servlet-mapping from /* to / and then you can worry about performing the redirect.
For the redirect, you should be able to do something like this (assuming use of the mvc namespace in XML config):
<mvc:view-controller path="/myapp" view-name="redirect:/myapp/welcome.html"/>
I am using JBoss 7 and I have configured my session config in web.xml as follows:
<session-config>
    <session-timeout>240</session-timeout>
    <http-only>true</http-only>
</session-config>
However, in my servlet, I am getting a NullPointerException when I try to retrieve the current session as follows:
request.getSession(false);
Am I missing anything?
That seems correct per the documentation.
Snippet:
Returns the current HttpSession associated with this request or, if there is no current session and create is true, returns a new session.
If create is false and the request has no valid HttpSession, this method returns null.
After looking again at your web.xml snippet, it's not quite correct. The <http-only/> is not part of the <session-config/>. Move it into <cookie-config/> as per the following:
<session-config>
    <session-timeout>240</session-timeout>
    <cookie-config>
        <http-only>true</http-only>
    </cookie-config>
</session-config>
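A deployment-time check for the session-cookie mistakes discussed in the threads above (misplaced <http-only>, a pre-3.0 descriptor, Secure left off), written as an added example that is not part of any of the original posts. The function name, the finding labels and the sample documents are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

def _child(parent, name):
    """First direct child with this local name, ignoring the XML namespace."""
    return next((c for c in parent if c.tag.rsplit("}", 1)[-1] == name), None)

def _is_true(parent, name):
    el = _child(parent, name) if parent is not None else None
    return el is not None and (el.text or "").strip().lower() == "true"

def audit_session_config(web_xml_text):
    """Return findings (hypothetical labels) about session-cookie flags in a web.xml."""
    root = ET.fromstring(web_xml_text)
    session = _child(root, "session-config")
    if session is None:
        return ["no-session-config"]
    findings = []
    cookie = _child(session, "cookie-config")
    # Misplacement from the last question: <http-only> directly under <session-config>.
    if _child(session, "http-only") is not None:
        findings.append("http-only-misplaced")
    # <cookie-config> exists only from Servlet 3.0 on (see the first answer).
    try:
        version = float(root.get("version", "0"))
    except ValueError:
        version = 0.0
    if cookie is not None and version < 3.0:
        findings.append("cookie-config-needs-servlet-3.0")
    # "not enabled" means not set by this file; container defaults may still apply.
    if not _is_true(cookie, "http-only"):
        findings.append("http-only-not-enabled")
    if not _is_true(cookie, "secure"):
        findings.append("secure-not-enabled")
    return findings

# Constructed samples modelled on the snippets quoted on this page.
MISPLACED = """<web-app version="3.0"><session-config>
  <session-timeout>240</session-timeout><http-only>true</http-only>
</session-config></web-app>"""
OLD_SCHEMA = """<web-app version="2.5"><session-config><cookie-config>
  <http-only>true</http-only><secure>true</secure>
</cookie-config></session-config></web-app>"""
CORRECTED = """<web-app version="3.0"><session-config><cookie-config>
  <http-only>true</http-only><secure>true</secure>
</cookie-config></session-config></web-app>"""

if __name__ == "__main__":
    for label, doc in [("misplaced", MISPLACED), ("old", OLD_SCHEMA), ("ok", CORRECTED)]:
        print(label, audit_session_config(doc))
```

The descriptor only shows what the application asks for; confirming the flags on the actual Set-Cookie header of the deployed container is still needed.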