HttpOnly cookies on google app engine java

Posted 2019-04-11 13:34

Anyone know how I can use httponly cookies for sessions and cookies on the app engine?

In the javadoc for the Cookie class, http://java.sun.com/javaee/6/docs/api/javax/servlet/http/Cookie.html#setHttpOnly(boolean) , there is a setHttpOnly method.

I get a compiler error when trying to use it when developing for app engine though.

The method was introduced in the Servlet 3.0 spec, so it's pretty new.

2 answers
甜甜的少女心
Reply #2 · 2019-04-11 13:57

App Engine supports the Servlet API at version 2.5, so you cannot use the setHttpOnly method.

You could try to output the cookie header yourself.

// addHeader rather than setHeader, so Set-Cookie headers already on the response are kept
resp.addHeader("Set-Cookie", "A=7; expires=Fri, 31-Dec-2010 23:59:59 GMT; path=/; domain=.example.net; HttpOnly");
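An added example, not part of either answer: one way to build the hand-written Set-Cookie header from the answer above on Servlet 2.5 while rejecting names, values and attributes that could smuggle extra attributes or a second header (CR/LF, `;`). The class name `HttpOnlyCookieHeader`, its methods and the sample values are hypothetical; only the JDK is used, and the resulting string is what you would pass to `resp.addHeader("Set-Cookie", ...)`.

```java
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Locale;
import java.util.TimeZone;
import java.util.regex.Pattern;

public class HttpOnlyCookieHeader {
    // RFC 6265 token characters allowed in a cookie name.
    private static final Pattern NAME = Pattern.compile("[!#$%&'*+\\-.^_`|~0-9A-Za-z]+");
    // RFC 6265 cookie-octet: no control chars, space, double quote, comma, semicolon, backslash.
    private static final Pattern VALUE =
        Pattern.compile("[\\x21\\x23-\\x2B\\x2D-\\x3A\\x3C-\\x5B\\x5D-\\x7E]*");
    // Attribute values: printable ASCII without ';', so CR/LF and extra attributes are rejected.
    private static final Pattern ATTR = Pattern.compile("[\\x20-\\x3A\\x3C-\\x7E]+");

    public static String build(String name, String value, String path, String domain,
                               Date expires, boolean secure) {
        if (!NAME.matcher(name).matches()) throw new IllegalArgumentException("bad cookie name");
        if (!VALUE.matcher(value).matches()) throw new IllegalArgumentException("bad cookie value");
        StringBuilder sb = new StringBuilder(name).append('=').append(value);
        if (expires != null) {
            // Fixed-width HTTP date in GMT, English day and month names regardless of locale.
            SimpleDateFormat fmt = new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss 'GMT'", Locale.US);
            fmt.setTimeZone(TimeZone.getTimeZone("GMT"));
            sb.append("; Expires=").append(fmt.format(expires));
        }
        if (path != null) sb.append("; Path=").append(checked(path));
        if (domain != null) sb.append("; Domain=").append(checked(domain));
        if (secure) sb.append("; Secure");
        return sb.append("; HttpOnly").toString(); // HttpOnly is always set
    }

    private static String checked(String attr) {
        if (!ATTR.matcher(attr).matches()) throw new IllegalArgumentException("bad attribute");
        return attr;
    }

    public static void main(String[] args) {
        // Constructed sample values. In a servlet: resp.addHeader("Set-Cookie", header);
        Date expires = new Date(1293839999000L); // 2010-12-31 23:59:59 GMT
        System.out.println(build("A", "7", "/", ".example.net", expires, true));
        try {
            // A value containing CR/LF must not reach the response header.
            build("A", "7\r\nSet-Cookie: injected=1", "/", null, null, false);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```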
Deceive 欺骗
Reply #3 · 2019-04-11 14:03

Since 2017 GAE does support servlet API 3.1, so I've tested the following cookie option inside web.xml and it works:

<session-config>
  <cookie-config>
    <http-only>true</http-only>
  </cookie-config>
</session-config>