here is a function that sets a cookie:
public void addCookie(String cookieName, String cookieValue, Integer maxAge, HttpServletResponse response) {
Cookie cookie = new Cookie(cookieName, cookieValue);
cookie.setPath("/mycampaigns");
cookie.setSecure(isSecureCookie);
cookie.setMaxAge(maxAge);
response.addCookie(cookie);
}
I believe in servlet 3.0, there is a way to do this directly. Unfortunately my organization uses 2.5 and UPGRADING at this juncture IS NOT AN OPTION.
is there way to use the response to set the cookie? Here's an example i found online
response.setHeader("SET-COOKIE", "[SOME STUFF]" +"; HttpOnly")
If this is the only way to do what i want, what would i replace "[SOME STUFF]" with so that i don't lose any of the data that my function currently stores in the cookie?
You are right, manually setting header is the right way to achive your goal.
You can also use javax.ws.rs.core.NewCookie or any other class with useful toString method to print cookie to a header to make things more simple.
public static String getHttpOnlyCookieHeader(Cookie cookie) {
NewCookie newCookie = new NewCookie(cookie.getName(), cookie.getValue(),
cookie.getPath(), cookie.getDomain(), cookie.getVersion(),
cookie.getComment(), cookie.getMaxAge(), cookie.getSecure());
return newCookie + "; HttpOnly";
}
And the usage:
response.setHeader("SET-COOKIE", getHttpOnlyCookieHeader(myOriginalCookie));