Cookie « Filter « JSP-Servlet Q&A

  1. JSP-Servlet Q&A
  2. Filter
  3. Cookie




1. J2EE Filters not able to get cookies?    stackoverflow.com

Why aren't cookies able to be referenced from a servlet filter? It just seems beyond me that J2EE wouldn't allow you to sanitize cookie values: 

public void doFilter(ServletRequest request, ServletResponse response, 
 ...

2. Session hijacking: Pros/Cons of a filter that suppresses Session IDs    stackoverflow.com

I am trying to address session fixation/hijacking/sidejacking on an ATG/JBoss/Tomcat site. It seems that by far, the most commons recommendations are:

  1. Grant a new session to the user when they log ...

3. I have a caching Servlet Filter, How do I make sure it doesn't send caching headers if there are cookies set on the response?    stackoverflow.com

I have a caching Servlet Filter, the filter will, for certain URLs, add a Cache-Control: public, max-age=x header to responses. But it shouldn't publicly cache any responses that are setting any cookies. ...

4. Using a filter to add a cookie to the users session    stackoverflow.com

Update: The issue is with the setting used for the MaxAge. Setting it to zero will cause the cookie to be deleted, hence it was shown in the response header ...