本文介绍了Tomcat 7 - JSESSIONID cookie 无法从 JavaScript 代码访问的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

有谁知道 Tomcat 6 和 Tomcat 7 之间的配置发生了什么变化会导致 JSESSIONID cookie 无法通过 JavaScript 访问?

Does anyone know what changed in the configuration between Tomcat 6 and Tomcat 7 that would cause the JSESSIONID cookie to not be accessible via JavaScript?

使用 Tomcat 6:

Using Tomcat 6:

alert(document.cookie); // JSESSIONID=8675309ABCDEF...

使用 Tomcat 7:

Using Tomcat 7:

alert(document.cookie); // nothing

推荐答案

好的,我找到了答案.useHttpOnly 属性在 ,并且在 .此属性是为 容器设置的.

Okay, I found the answer. The useHttpOnly attribute was set to false by default in Tomcat 6, and is true in Tomcat 7. This attribute is set for the <Context> container.

<Context useHttpOnly="false" [...] />

有关从 Tomcat 6 更新到 7 的更多信息:从 6.0.x 迁移到 7.0.x

For more information about updating from Tomcat 6 to 7: Migrating from 6.0.x to 7.0.x

我不确定为什么我之前没有在文档中看到这一点,但我已经验证将其设置为 false 实际上确实会导致 Tomcat 7 恢复到 Tomcat 6 的行为.

I'm not sure why I didn't see that in the docs before, but I've verified that setting this to false does in fact cause Tomcat 7 to revert to the Tomcat 6 behavior.

这篇关于Tomcat 7 - JSESSIONID cookie 无法从 JavaScript 代码访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-27 14:49