BBjCookie::setHttpOnly

Description

In BBj 18.04 and higher, this method sets the HttpOnly flag on the cookie. An HttpOnly cookie is still sent with HTTP(S) requests, but the browser does not expose it to client-side scripts.

The default value is false.

Syntax

Return Value    Method
void            setHttpOnly(boolean value)

Parameters

Parameter    Description
value        If true, the cookie can only be sent over HTTP(S) protocol

Return Value

None.

Remarks

HttpOnly is an additional flag included in a Set-Cookie HTTP response header. Setting the HttpOnly flag when generating a cookie helps mitigate the risk of client-side scripts accessing the protected cookie (if the browser supports it).

Example

CLASS PUBLIC CookieSettingExampleServlet 
    method public void service(BBxServletContext context!) 
       
        request! = context!.getRequest()
        response! = context!.getResponse()
        session! = request!.getSession()

        s! = response!.getOutputStream()
        
REM     Initialize the settings going into the cookie        
        domain! = request!.getServerName()
        maxAge! = 1000
        path! = request!.getRequestURI()
        isSecure! = request!.isSecure()
        value! = "Example Value"
        comment! = "This is an example cookie"
        
REM     Create the cookie
        cookie! = response!.createCookie("SampleCookie")
        cookie!.setDomain(domain!)
        cookie!.setMaxAge(maxAge!)
        cookie!.setPath(path!)
        cookie!.setSecure(isSecure!)
REM     HttpOnly is independent of Secure: set it so client-side scripts cannot read the cookie
        cookie!.setHttpOnly(BBjAPI.TRUE)
        cookie!.setValue(value!)
        cookie!.setComment(comment!)
        
REM     Add cookie to response to be set on client        
        response!.addCookie(cookie!)
        
        
        s!.write("<html><body>")
        s!.write("<h1>The following cookie was successfully added</h1>")
        s!.write("The BBjCookie '" + cookie!.getName() + "' ")
        s!.write("has the value '" + cookie!.getValue() + "' ")
        
        domain! = cookie!.getDomain()
        IF domain! = NULL() THEN
            domain! = "null"
        ENDIF
        
        path! = cookie!.getPath()
        IF path! = NULL() THEN
            path! = "null"
        ENDIF
        
        s!.write("for the domain " + domain! + " ")
        s!.write("at path " + path! + " ")
        s!.write("will expire in " + Integer.toString(cookie!.getMaxAge()) + " seconds ")
        
        IF cookie!.getSecure() THEN
            s!.write(" for HTTPS protocol ")
        ENDIF

        IF cookie!.isHttpOnly() THEN
            s!.write(" not accessible to client-side scripts (HttpOnly) ")
        ENDIF
        
        s!.write("is version " + Integer.toString(cookie!.getVersion()) + " ")
        
        IF cookie!.getComment() <> NULL() THEN
            s!.write("comment '" + cookie!.getComment() + "' ")
        ENDIF
        s!.write("</body></html>")
    METHODEND
CLASSEND
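
As the Remarks note, HttpOnly travels as a flag in the Set-Cookie response header, so the setting can be verified from the response itself. The following Python check is an added example, not part of the BBj documentation; the header lines are constructed sample input, not output captured from a BBj servlet.

```python
# Added example: audit Set-Cookie response headers for the HttpOnly and Secure flags.
# SAMPLE_HEADERS is constructed input, not output captured from BBj.

def parse_set_cookie(header_value):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    parts = [p.strip() for p in header_value.split(";")]
    # The first segment is name=value; only the first "=" separates them.
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue  # tolerate a trailing ";"
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive, so normalize to lower case.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_cookies(header_values):
    """Return {cookie name: [missing flags]} for cookies lacking HttpOnly or Secure."""
    findings = {}
    for header_value in header_values:
        name, _, attrs = parse_set_cookie(header_value)
        missing = [flag for flag in ("httponly", "secure") if flag not in attrs]
        if missing:
            findings[name] = missing
    return findings


SAMPLE_HEADERS = [
    "SampleCookie=ExampleValue; Max-Age=1000; Path=/servlet; Secure; HttpOnly",
    "Theme=dark; Path=/; secure",
    "Tracking=abc123; Path=/",
]

if __name__ == "__main__":
    for cookie_name, missing_flags in audit_cookies(SAMPLE_HEADERS).items():
        print(f"{cookie_name}: missing {', '.join(missing_flags)}")
```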

See Also

BBjAPI

BBxServletContext

BBxServletResponse

BBxServletRequest

BBjCookie