public interface CookieUtils
| Modifier and Type | Field and Description |
|---|---|
static String |
CUSTOMER_COOKIE_NAME |
| Modifier and Type | Method and Description |
|---|---|
String |
getCookieValue(javax.servlet.http.HttpServletRequest request,
String cookieName) |
void |
invalidateCookie(javax.servlet.http.HttpServletResponse response,
String cookieName) |
void |
setCookieValue(javax.servlet.http.HttpServletResponse response,
String cookieName,
String cookieValue) |
void |
setCookieValue(javax.servlet.http.HttpServletResponse response,
String cookieName,
String cookieValue,
String path,
Integer maxAge,
Boolean isSecure)
Uses a cookie value of "CookieInvalidationPlaceholderValue" because the later call to
ESAPI#httpUtilities()#addHeader(HttpServletResponse, String, String)
fails if the value is null or an empty String. |
Boolean |
shouldUseSecureCookieIfApplicable()
Checks
cookies.use.secure System Property, which determines whether to use HTTPS cookie over
HTTPS connection or HTTP only. |
static final String CUSTOMER_COOKIE_NAME
Boolean shouldUseSecureCookieIfApplicable()
cookies.use.secure System Property, which determines whether to use HTTPS cookie over
HTTPS connection or HTTP only.cookies.use.secureString getCookieValue(javax.servlet.http.HttpServletRequest request, String cookieName)
void setCookieValue(javax.servlet.http.HttpServletResponse response,
String cookieName,
String cookieValue,
String path,
Integer maxAge,
Boolean isSecure)
ESAPI#httpUtilities()#addHeader(HttpServletResponse, String, String)
fails if the value is null or an empty String. If an empty cookie value is passed,
this is considered a request to remove the cookie and maxAge is set to 0 to force the removal.
In addition, calls to ESAPI#httpUtilities()#killCookie(HttpServletRequest, HttpServletResponse, String)
have shown to be ineffective while this approach for removing cookies works.response - cookieName - cookieValue - path - maxAge - isSecure - void setCookieValue(javax.servlet.http.HttpServletResponse response,
String cookieName,
String cookieValue)
void invalidateCookie(javax.servlet.http.HttpServletResponse response,
String cookieName)
Copyright © 2022. All rights reserved.