#B4X Discord (unofficial)

Welcome to B4X forum!
B4X is a set of simple and powerful cross platform RAD tools:
All developers, with any skill level, are welcome to join the B4X community.

Wish B4J server set jsessionid cookie HttpOnly

Thread starter billzhan
Start date Aug 30, 2014
Similar Threads Similar Threads

billzhan

Active Member

Licensed User

Longtime User

Aug 30, 2014

#1

Hi Erel,

Set cookie (jsessionid) HttpOnly will prevent XSS attack.See http://en.wikipedia.org/wiki/HTTP_cookie#Secure_and_HttpOnly

I hope this feature can be added.

Thanks,
bz

Erel

B4X founder

Staff member

Licensed User

Longtime User

Aug 31, 2014

#2

You can set HttpOnly with this code:

B4X:

Dim jo As JavaObject = srvr
   Dim sessionmanager As JavaObject = _
     jo.GetFieldJO("context").RunMethodJO("getSessionHandler", Null).RunMethod("getSessionManager", Null)
   sessionmanager.RunMethod("setHttpOnly", Array(True))

Run it after you call Server.Start.

I tested this code with FireBug:

SS-2014-08-31_10.13.41.png

billzhan

Active Member

Licensed User

Longtime User

Aug 31, 2014

#3

It works here. Thanks

You must log in or register to reply here.

Similar Threads

Article

Share My Creation [Project Template] [Web] API Server 2

2 3 4

Replies: 60

Views: 11K

Yesterday at 6:48 PM

Article

Share My Creation [Project Template] [Web] API Server

4 5 6

Replies: 110

Views: 29K

Article

B4A Library [B4X] FTP Server implemented with Socket and AsyncStreams

2 3

Replies: 43

Views: 39K

Locked
Article

B4J Tutorial [server] Run a Server on a VPS

2

Replies: 25

Views: 31K

Locked
Article

B4J Tutorial [Server] SSL Connections

2

Replies: 32

Views: 27K

Share:

Facebook Twitter Reddit Pinterest Tumblr WhatsApp Email Link

This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.

Accept Learn more…