RandomSecurityCookieFilter.
Using the JSESSIONID like this might let an XSS attacker hijack a session. See GitHub issue #484.

@Deprecated
@Singleton
public class HttpSessionSecurityCookieFilter
extends AbstractHttpSessionSecurityCookieFilter

HttpSession and will only work if the session is enabled.
To set up this filter, add the following line before any other serve call in your own ServletModule.configureServlets():

filter("*.jsp").through(HttpSessionSecurityCookieFilter.class);

You also have to use a .jsp file instead of a .html as your main GWT file.

Modifier and Type | Method and Description |
---|---|
protected javax.servlet.http.HttpSession | getSession() Deprecated. |
destroy, doFilter, init
protected javax.servlet.http.HttpSession getSession()
getSession in class AbstractHttpSessionSecurityCookieFilter
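
For contrast with the deprecated JSESSIONID approach described above, here is an added sketch of a servlet filter that issues a random security cookie unrelated to the session id. It is not GWTP's code and not the source of RandomSecurityCookieFilter; the class name and cookie name are hypothetical. It assumes the security cookie must be readable by client script so the application can echo it back, which is why reusing the session id for that purpose exposes the session to XSS.

```java
import java.io.IOException;
import java.security.SecureRandom;
import java.util.Base64;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;

// Added illustration, not GWTP source. Class and cookie names are hypothetical.
public class RandomTokenCookieFilterSketch implements Filter {
    // Assumed cookie name; a real application would configure its own.
    private static final String COOKIE_NAME = "EXAMPLE_SECURITY_COOKIE";
    private final SecureRandom random = new SecureRandom();

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        if (response instanceof HttpServletResponse) {
            // 128 random bits from a CSPRNG, with no relation to the session id.
            byte[] bytes = new byte[16];
            random.nextBytes(bytes);
            String token = Base64.getUrlEncoder().withoutPadding()
                    .encodeToString(bytes);

            Cookie cookie = new Cookie(COOKIE_NAME, token);
            cookie.setPath("/");
            // Script has to read this value to echo it, so it cannot be HttpOnly.
            // That is acceptable only because the value is not the session id;
            // the session cookie itself can then stay HttpOnly.
            cookie.setHttpOnly(false);
            cookie.setSecure(request.isSecure());
            ((HttpServletResponse) response).addCookie(cookie);
        }
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() { }
}
```

With a token like this, script injected through XSS can still read the security cookie, but the value it obtains does not identify the session.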
Copyright © 2010–2014 Arcbees. All rights reserved.