BBjCookie::setHttpOnly


Description

In BBj 18.04 and higher, this method indicates that the cookie should only be sent over HTTP. It can be used to prevent client-side scripts from accessing the cookie.

The default value is false.

Syntax

Return Value

Method

void

setHttpOnly(boolean value)

Parameters

Variable

Description

value

If true, the cookie can only be sent over HTTP(S) protocol

Return Value

None.

Remarks

HttpOnly is an additional flag included in a Set-Cookie HTTP response header. Using the HttpOnly flag when generating a cookie helps mitigate the risk of client side script accessing the protected cookie (if the browser supports it).

Example

REM Obtain the instance of the BBjAPI object
LET myAPI! = BBjAPI()
MyServlet! = new MyServlet()
 
data!.setCallback(data!.ON_WEB_CONNECTION, myServlet!, "myMethod")
 
PROCESS_EVENTS

class public MyServlet
  method public void myMethod(BBjServletEvent p_event!)
    LET chan = UNT
    request! = p_event!.getHttpRequest()
    response! = p_event!.getHttpResponse()
    response!.setContentType("text/html")
    cookie! = response!.addCookie("MyCookie")
    cookie!.setValue("My cookie data")
    cookie!.setPath("/servlet/MyServlet")
    cookie!.setDomain("www.wibble.com")
    cookie!.setMaxAge(3600)
    cookie!.setSecure(0)
    cookie!.setVersion(1)
    cookie!.setComment("comment)
    open (chan)"JSERVLET"
    print (chan)"<html><body><h1>Hello BBj!</h1>"
    print (chan)"</body></html>"
    close (chan)
  methodend
classend

See Also

BBjAPI

BBjServletEvent

BBjHttpRequest

BBjHttpResponse

BBjCookie