Does anyone know if its possible to set a “Secure Cookie” inside a Header?
i need to create a cookie in a header like this Set-Cookie:JSESSIONID:893ihewwydkq2764@&@09;Path=/;secure
With the “secure” param at the end. I have looked at the Http apache Header class and all it takes is a name and value pair. what about aditional params such as “secure” ?
The purpose of doing this is so that the cookies can only be used on a encrypted connection ie on https:// only
I am devoloping in Java by the way. thanks
In general, http headers are just that: key-value. For the Cookie header, the “value” is actually a list of key-value pairs itself (plus a bunch of other things usually)
However, if you are developing in Java, there is probably a better way to deal with cookies than by manipulating the headers directly. If you are using a framework, the framework probably makes it easier, but if you are working with raw servelets, the servelet spec also gives you better ways of dealing with setting cookies.
With the HttpClient package, you can definitely send secure cookies back to the server. The SetCookie interface can set the cookie to be secure. That said, it’s a little bit confusing that you are using HttpClient to set secure cookies (the server, not the client, usually does that) but you can still do it.