非 httpOnly(页面脚本可以通过 document.cookie 读取该 cookie):
// Plain cookie written through the servlet Cookie API. No HttpOnly attribute is
// set on it, so the browser exposes it to page scripts (document.cookie).
// NOTE(review): on Servlet 3.0+ containers Cookie.setHttpOnly(true) is available
// and avoids building the Set-Cookie header by hand; confirm the API level in use.
Cookie plainCookie = new Cookie(name, value);

// Scope: which requests the browser attaches the cookie to.
plainCookie.setPath(path);
plainCookie.setDomain(domain);

// Lifetime in seconds, passed through unchanged from maxAge.
plainCookie.setMaxAge(maxAge);

// When secure is true the cookie is only sent over HTTPS.
plainCookie.setSecure(secure);

response.addCookie(plainCookie);
httpOnly:(把 cookie 拼接为字符串,然后通过 Set-Cookie 响应头写回去)
// HttpOnly variant: the Set-Cookie header value is assembled by hand and added
// to the response, always ending with the ";httponly" attribute.
// NOTE(review): the argument on the next line is masked on the page; setHeader
// is normally called with a header name and a value, so treat this line as a
// placeholder that will not compile as written.
response.setHeader("***");

// NOTE(review): name, value, path and domain are appended verbatim. A ';', CR or
// LF inside any of them would change the cookie's attributes or the header
// structure, so callers must validate or encode these values before this point.
// No SameSite attribute is emitted here.
StringBuilder header = new StringBuilder(200);
header.append(name).append("=").append(value);

// Path: fall back to the site root when none is supplied.
boolean noPath = (path == null || path.isEmpty());
if (noPath) {
    header.append(";path=/");
} else {
    header.append(";path=").append(path);
}

// Domain is optional and omitted when blank.
if (domain != null && !domain.isEmpty()) {
    header.append(";domain=").append(domain);
}

// A negative maxAge writes no expiry attribute at all. Max-Age itself is not
// emitted; only an absolute Expires date in GMT is written.
if (maxAge >= 0) {
    final String expires;
    if (maxAge == 0) {
        // Clear the cookie: a fixed date in the past makes the browser drop it.
        expires = "Thu, 01-Jan-1970 00:00:10 GMT";
    } else {
        Calendar expiry = Calendar.getInstance(Locale.US);
        expiry.add(Calendar.SECOND, maxAge);
        DateFormat gmtFormat = new SimpleDateFormat("EEE, d-MMM-yyyy HH:mm:ss z", Locale.US);
        gmtFormat.setTimeZone(TimeZone.getTimeZone("GMT"));
        expires = gmtFormat.format(expiry.getTime());
    }
    header.append("; Expires=").append(expires);
}

// Secure restricts the cookie to HTTPS; it is only added when requested.
if (secure) {
    header.append(";secure");
}

// HttpOnly keeps the cookie out of reach of page scripts.
header.append(";httponly");
response.addHeader("SET-COOKIE", header.toString());