List of usage examples for javax.servlet.http Cookie setSecure
public void setSecure(boolean flag)
From source file:com.tremolosecurity.proxy.filter.PostProcess.java
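/**
 * Copies the status line, headers and cookies of the upstream (proxied) response onto the
 * filter response and hands the response body stream to the filter chain.
 *
 * <p>Header names are matched case-insensitively. HTTP header names are case-insensitive, so
 * an upstream that sends {@code location} or {@code content-length} in another case must take
 * the same branch as the canonical spelling; otherwise a redirect could reach the client
 * without passing through {@code fixRedirect}.
 *
 * @param req         the incoming filter request; passed to {@code fixRedirect}
 * @param resp        the filter response that receives status, headers and cookies
 * @param holder      supplies the application name and the override-host setting
 * @param response    the upstream HTTP response being relayed
 * @param finalURL    the URL that was proxied; passed to {@code fixRedirect}
 * @param curChain    the filter chain that receives the body stream and entity
 * @param httpRequest the upstream request object, stored on the chain
 * @throws IOException as declared by the original signature
 * @throws Exception   wrapping any failure while obtaining the upstream entity
 */
protected void postProcess(HttpFilterRequest req, HttpFilterResponse resp, UrlHolder holder,
        HttpResponse response, String finalURL, HttpFilterChain curChain, HttpRequestBase httpRequest)
        throws IOException, Exception {
    boolean isText;
    HttpEntity entity = null;
    try {
        entity = response.getEntity();
    } catch (Throwable t) {
        throw new Exception(t);
    }

    InputStream ins = null;
    boolean entExists = false;

    if (entity == null) {
        resp.setStatus(response.getStatusLine().getStatusCode(), response.getStatusLine().getReasonPhrase());
        // Empty body; replaces the deprecated StringBufferInputStream("").
        ins = new java.io.ByteArrayInputStream(new byte[0]);
    } else {
        try {
            ins = entity.getContent();
            resp.setStatus(response.getStatusLine().getStatusCode(),
                    response.getStatusLine().getReasonPhrase());
            entExists = true;
        } catch (IllegalStateException e) {
            // Deliberately ignored: the content stream is unavailable, so entExists stays false
            // and no status, headers or cookies are relayed for this response.
        }
    }

    if (entExists) {
        // Content sniffing is disabled in this version; the body is always relayed as binary.
        isText = false;

        try {
            resp.setCharacterEncoding(null);
        } catch (Throwable t) {
            // Best effort only: a failure to reset the character encoding is ignored.
        }

        if (response.getFirstHeader("Content-Type") != null) {
            resp.setContentType(response.getFirstHeader("Content-Type").getValue());
        }

        if (response.getLocale() != null) {
            resp.setLocale(response.getLocale());
        }

        for (org.apache.http.Header header : response.getAllHeaders()) {
            String headerName = header.getName();

            if (headerName.equalsIgnoreCase("Content-Type")) {
                // Already applied through setContentType above.
                continue;
            } else if (headerName.equalsIgnoreCase("Content-Length")) {
                // Never forwarded. NOTE(review): the earlier `!value.equals("0")` test had no
                // effect, because the zero case left the else-if chain without adding the
                // header; confirm whether "Content-Length: 0" was meant to be relayed.
                continue;
            } else if (headerName.equalsIgnoreCase("Transfer-Encoding")) {
                continue;
            } else if (headerName.equalsIgnoreCase("set-cookie") || headerName.equalsIgnoreCase("set-cookie2")) {
                // The header value comes from the upstream server. NOTE(review):
                // HttpCookie.parse throws IllegalArgumentException on a malformed value and
                // nothing here catches it.
                List<HttpCookie> cookies = HttpCookie.parse(header.getValue());
                for (HttpCookie cookie : cookies) {
                    String cookieFinalName = cookie.getName();
                    if (cookieFinalName.equalsIgnoreCase("JSESSIONID")) {
                        // Rename per application so proxied session ids do not collide.
                        cookieFinalName = "JSESSIONID" + '-' + holder.getApp().getName().replaceAll(" ", "|");
                    }

                    Cookie respcookie = new Cookie(cookieFinalName, cookie.getValue());
                    respcookie.setComment(cookie.getComment());
                    // The upstream Domain attribute is relayed unchanged.
                    if (cookie.getDomain() != null) {
                        respcookie.setDomain(cookie.getDomain());
                    }

                    if (cookie.hasExpired()) {
                        respcookie.setMaxAge(0);
                    } else {
                        // Clamp instead of a bare (int) cast: a Max-Age beyond the int range
                        // would otherwise wrap to a negative value or to zero and change the
                        // cookie's lifetime.
                        long maxAge = cookie.getMaxAge();
                        respcookie.setMaxAge((int) Math.max(Integer.MIN_VALUE, Math.min(Integer.MAX_VALUE, maxAge)));
                    }
                    respcookie.setPath(cookie.getPath());

                    // Secure is mirrored from the upstream cookie, so a cookie the upstream
                    // issues without Secure is relayed without it even when the client side
                    // of the proxy is HTTPS.
                    // NOTE(review): HttpOnly is not carried over by the code visible here.
                    respcookie.setSecure(cookie.getSecure());
                    respcookie.setVersion(cookie.getVersion());
                    resp.addCookie(respcookie);
                }
            } else if (headerName.equalsIgnoreCase("Location")) {
                if (holder.isOverrideHost()) {
                    fixRedirect(req, resp, finalURL, header);
                } else {
                    resp.addHeader("Location", header.getValue());
                }
            } else {
                resp.addHeader(headerName, header.getValue());
            }
        }

        curChain.setIns(ins);
        curChain.setText(isText);
        curChain.setEntity(entity);
        curChain.setHttpRequestBase(httpRequest);
    } else {
        isText = false;
    }
}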
From source file:com.tremolosecurity.proxy.SessionManagerImpl.java
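/**
 * Serializes the session, gzips and encrypts it, and stores it Base64-encoded in the
 * application's session cookie.
 *
 * <p>If encryption fails the method now throws instead of logging a stack trace and emitting
 * a cookie with an empty value, so a key or configuration problem cannot silently replace the
 * client's session state.
 *
 * @param holder   supplies the cookie configuration (name, key alias) and the secret key
 * @param session  the session object to persist; written with Java serialization
 * @param request  the current request; used for the cookie domain and the Secure flag
 * @param response the response that receives the session cookie
 * @throws IOException if serialization or encryption of the session fails
 */
@Override
public void writeSession(UrlHolder holder, TremoloHttpSession session, HttpServletRequest request,
        HttpServletResponse response) throws IOException {
    ByteArrayOutputStream bos = new ByteArrayOutputStream();
    GZIPOutputStream gzip = new GZIPOutputStream(bos);
    ObjectOutputStream oos = new ObjectOutputStream(gzip);
    try {
        oos.writeObject(session);
        oos.flush();
    } finally {
        // Closing also finishes the gzip stream and releases its deflater on the error path.
        oos.close();
    }

    byte[] encSession;
    try {
        // NOTE(review): a bare "AES" transformation leaves mode and padding to the provider;
        // on the default JDK provider that resolves to ECB with PKCS5 padding, which has no
        // IV and no integrity protection. The cookie carries a serialized object that the
        // reading side presumably decrypts and deserializes, so an authenticated mode such as
        // AES/GCM/NoPadding (or an added MAC) is the safer choice. It has to be changed
        // together with the code that reads the cookie, which is not visible here.
        Cipher cipher = Cipher.getInstance("AES");
        cipher.init(Cipher.ENCRYPT_MODE,
                holder.getConfig().getSecretKey(holder.getApp().getCookieConfig().getKeyAlias()));
        encSession = cipher.doFinal(bos.toByteArray());
    } catch (Exception e) {
        // Fail closed and keep the cause for diagnosis.
        throw new IOException("Could not encrypt session for cookie", e);
    }

    Cookie sessionCookie = new Cookie(holder.getApp().getCookieConfig().getSessionCookieName(),
            new String(Base64.encodeBase64(encSession)));

    String domain = ProxyTools.getInstance().getCookieDomain(holder.getApp().getCookieConfig(), request);
    if (domain != null) {
        sessionCookie.setDomain(domain);
    }
    sessionCookie.setPath("/");
    // Previously hard-coded to false, which let the session cookie travel over plain HTTP
    // even for HTTPS deployments. request.isSecure() keeps HTTP-only setups working; behind a
    // TLS-terminating proxy it can still report false unless the container is configured to
    // trust the forwarded scheme.
    // NOTE(review): HttpOnly is not set on this cookie by the code visible here.
    sessionCookie.setSecure(request.isSecure());
    sessionCookie.setMaxAge(-1);
    response.addCookie(sessionCookie);
}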
From source file:org.mitre.dsmiley.httpproxy.ProxyServlet.java
/** * Copy cookie from the proxy to the servlet client. Replaces cookie path to * local path and renames cookie to avoid collisions. *///w w w . j ava 2s .c o m protected void copyProxyCookie(HttpServletRequest servletRequest, HttpServletResponse servletResponse, String headerValue) { List<HttpCookie> cookies = HttpCookie.parse(headerValue); String path = servletRequest.getContextPath(); // path starts with / or // is empty string path += servletRequest.getServletPath(); // servlet path starts with / // or is empty string for (HttpCookie cookie : cookies) { // set cookie name prefixed w/ a proxy value so it won't collide w/ // other cookies String proxyCookieName = getCookieNamePrefix(cookie.getName()) + cookie.getName(); Cookie servletCookie = new Cookie(proxyCookieName, cookie.getValue()); servletCookie.setComment(cookie.getComment()); servletCookie.setMaxAge((int) cookie.getMaxAge()); servletCookie.setPath(path); // set to the path of the proxy servlet // don't set cookie domain servletCookie.setSecure(cookie.getSecure()); servletCookie.setVersion(cookie.getVersion()); servletResponse.addCookie(servletCookie); } }
From source file:org.sakaiproject.portal.charon.handlers.PDAHandler.java
/**
 * Handles GET requests under the "pda" portal URL fragment.
 *
 * <p>The path segments in {@code parts} select the action: an explicit login
 * ({@code /pda/<XLoginHandler.URL_FRAGMENT>}), a tool reset, a tool view, a page view, or the
 * site view. Request parameters can additionally force the classic view, a logout or a login.
 *
 * @param parts   the request path split into segments; entries 3 and 4 are overwritten in
 *                place when a page URL is mapped to its first tool
 * @param req     the servlet request
 * @param res     the servlet response
 * @param session the current session
 * @return {@code END} or {@code RESET_DONE} when this handler processed the request,
 *         {@code NEXT} when the path is not a "pda" path
 * @throws PortalHandlerException wrapping any exception raised while handling the request
 */
@Override
public int doGet(String[] parts, HttpServletRequest req, HttpServletResponse res, Session session)
        throws PortalHandlerException {
    if ((parts.length == 3) && parts[1].equals(PDAHandler.URL_FRAGMENT)
            && parts[2].equals(XLoginHandler.URL_FRAGMENT)) {
        try {
            portal.doLogin(req, res, session, "/pda", true);
            return END;
        } catch (Exception ex) {
            throw new PortalHandlerException(ex);
        }
    } else if ((parts.length >= 2) && (parts[1].equals("pda"))) {
        // Indicate that we are the controlling portal
        session.setAttribute(PortalService.SAKAI_CONTROLLING_PORTAL, PDAHandler.URL_FRAGMENT);
        try {
            //check if we want to force back to the classic view
            String forceClassic = req.getParameter(Portal.FORCE_CLASSIC_REQ_PARAM);
            if (StringUtils.equals(forceClassic, "yes")) {
                log.debug("PDAHandler - force.classic");
                //set the portal mode cookie to force classic
                Cookie c = new Cookie(Portal.PORTAL_MODE_COOKIE_NAME, Portal.FORCE_CLASSIC_COOKIE_VALUE);
                c.setPath("/");
                c.setMaxAge(-1);
                //need to set domain and https as per RequestFilter
                if (System.getProperty(SAKAI_COOKIE_DOMAIN) != null) {
                    c.setDomain(System.getProperty(SAKAI_COOKIE_DOMAIN));
                }
                // Secure is set only when the container sees the request as HTTPS; behind a
                // TLS-terminating proxy isSecure() can be false unless the container is
                // configured to trust the forwarded scheme.
                if (req.isSecure() == true) {
                    c.setSecure(true);
                }
                res.addCookie(c);
                //redirect to classic view
                // NOTE(review): there is no return after sendRedirect, so processing
                // continues below on a response that has already been redirected - confirm
                // this is intended.
                res.sendRedirect(req.getContextPath());
            }

            // /portal/pda/site-id
            String siteId = null;
            if (parts.length >= 3) {
                siteId = parts[2];
            }

            // SAK-12873
            // If we have no site at all and are not logged in - and there is
            // only one gateway site, go directly to the gateway site
            if (siteId == null && session.getUserId() == null) {
                String siteList = ServerConfigurationService.getString("gatewaySiteList");
                String gatewaySiteId = ServerConfigurationService.getGatewaySiteId();
                if (siteList.trim().length() == 0 && gatewaySiteId.trim().length() != 0) {
                    siteId = gatewaySiteId;
                }
            }

            // Tool resetting URL - clear state and forward to the real tool URL
            // /portal/pda/site-id/tool-reset/toolId
            // 0 1 2 3 4
            String toolId = null;
            if ((siteId != null) && (parts.length == 5) && (parts[3].equals("tool-reset"))) {
                toolId = parts[4];
                // The redirect target is built from the context path, the site id and the
                // request path segments, plus the regenerated query string.
                String toolUrl = req.getContextPath() + "/pda/" + siteId + "/tool"
                        + Web.makePath(parts, 4, parts.length);
                String queryString = Validator.generateQueryString(req);
                if (queryString != null) {
                    toolUrl = toolUrl + "?" + queryString;
                }
                portalService.setResetState("true");
                res.sendRedirect(toolUrl);
                return RESET_DONE;
            }

            // Tool after the reset
            // /portal/pda/site-id/tool/toolId
            if ((parts.length > 4) && (parts[3].equals("tool"))) {
                // look for page and pick up the top-left tool to show
                toolId = parts[4];
            }

            // A request parameter alone is enough to trigger logout on this GET handler.
            String forceLogout = req.getParameter(Portal.PARAM_FORCE_LOGOUT);
            if ("yes".equalsIgnoreCase(forceLogout) || "true".equalsIgnoreCase(forceLogout)) {
                portal.doLogout(req, res, session, "/pda");
                return END;
            }

            if (session.getUserId() == null) {
                String forceLogin = req.getParameter(Portal.PARAM_FORCE_LOGIN);
                if ("yes".equalsIgnoreCase(forceLogin) || "true".equalsIgnoreCase(forceLogin)) {
                    portal.doLogin(req, res, session, URLUtils.getSafePathInfo(req), false);
                    return END;
                }
            }

            SitePage page = null;
            // /portal/site/site-id/page/page-id
            // /portal/pda/site-id/page/page-id
            // 1 2 3 4
            if ((parts.length == 5) && (parts[3].equals("page"))) {
                // look for page and pick up the top-left tool to show
                String pageId = parts[4];
                page = SiteService.findPage(pageId);
                if (page == null) {
                    portal.doError(req, res, session, Portal.ERROR_WORKSITE);
                    return END;
                } else {
                    List<ToolConfiguration> tools = page.getTools(0);
                    if (tools != null && !tools.isEmpty()) {
                        toolId = tools.get(0).getId();
                    }
                    // Rewrite the path segments so the rest of the method treats the request
                    // as a tool URL; toolId may still be null if the page has no tools.
                    parts[3] = "tool";
                    parts[4] = toolId;
                }
            }

            // Set the site language
            Site site = null;
            if (siteId == null && session.getUserId() != null) {
                site = portal.getSiteHelper().getMyWorkspace(session);
            } else {
                try {
                    // Security advisors stored in the session are pushed before the site
                    // lookup. NOTE(review): no matching pop is visible in this method -
                    // confirm where the advisor stack is cleared.
                    Set<SecurityAdvisor> advisors = (Set<SecurityAdvisor>) session
                            .getAttribute("sitevisit.security.advisor");
                    if (advisors != null) {
                        for (SecurityAdvisor advisor : advisors) {
                            SecurityService.pushAdvisor(advisor);
                        }
                    }
                    // This should understand aliases as well as IDs
                    site = portal.getSiteHelper().getSiteVisit(siteId);
                } catch (IdUnusedException e) {
                    // Ignored: site stays null when the id is unknown.
                } catch (PermissionException e) {
                    // Ignored: site stays null when the visit is not permitted.
                }
            }
            if (site != null) {
                super.setSiteLanguage(site);
            }

            // See if we can buffer the content, if not, pass the request through
            boolean allowBuffer = false;
            ToolConfiguration siteTool = SiteService.findTool(toolId);
            String commonToolId = null;
            String toolContextPath = null;
            String toolPathInfo = null;
            if (parts.length >= 5) {
                toolContextPath = req.getContextPath() + req.getServletPath() + Web.makePath(parts, 1, 5);
                toolPathInfo = Web.makePath(parts, 5, parts.length);
            }
            // Result of bufferContent below; the code distinguishes a ByteArrayServletResponse
            // from a Map.
            Object BC = null;
            if (siteTool != null && parts.length >= 5) {
                commonToolId = siteTool.getToolId();
                // Does the tool allow us to buffer?
                allowBuffer = allowBufferContent(req, site, siteTool);
                if (allowBuffer) {
                    // Should we bypass buffering based on the request?
                    boolean matched = checkBufferBypass(req, siteTool);
                    if (matched) {
                        ActiveTool tool = ActiveToolManager.getActiveTool(commonToolId);
                        portal.forwardTool(tool, req, res, siteTool, siteTool.getSkin(), toolContextPath,
                                toolPathInfo);
                        return END;
                    }
                    // Inform includeTool called by portal.includePortal below
                    ThreadLocalManager.set("sakai:inline-tool", "true");
                }
            }

            // Prepare for the full output...
            PortalRenderContext rcontext = portal.includePortal(req, res, session, siteId, toolId,
                    req.getContextPath() + req.getServletPath(), "pda", /* doPages */false,
                    /* resetTools */true, /* includeSummary */false, /* expandSite */false);

            if (allowBuffer) {
                BC = bufferContent(req, res, session, toolId, toolContextPath, toolPathInfo, siteTool);
                // If the buffered response was not parseable
                if (BC instanceof ByteArrayServletResponse) {
                    ByteArrayServletResponse bufferResponse = (ByteArrayServletResponse) BC;
                    StringBuffer queryUrl = req.getRequestURL();
                    String queryString = req.getQueryString();
                    if (queryString != null) queryUrl.append('?').append(queryString);
                    // SAK-25494 - This probably should be a log.debug later
                    // The logged message contains the request URL and raw query string, both
                    // supplied by the client, and the redirect target of the buffered response.
                    String msg = "Post buffer bypass CTI=" + commonToolId + " URL=" + queryUrl;
                    String redir = bufferResponse.getRedirect();
                    if (redir != null) msg = msg + " redirect to=" + redir;
                    log.warn(msg);
                    bufferResponse.forwardResponse();
                    return END;
                }
            }

            // TODO: Should this be a property? Probably because it does cause an
            // uncached SQL query
            portal.includeSubSites(rcontext, req, session, siteId, req.getContextPath() + req.getServletPath(),
                    "pda", /* resetTools */ true);

            // Add the buttons
            if (siteTool != null) {
                // The reset button is shown unless the tool config sets the property to "false".
                boolean showResetButton = !"false"
                        .equals(siteTool.getConfig().getProperty(TOOLCONFIG_SHOW_RESET_BUTTON));
                rcontext.put("showResetButton", Boolean.valueOf(showResetButton));
                if (toolContextPath != null && showResetButton) {
                    rcontext.put("resetActionUrl", toolContextPath.replace("/tool/", "/tool-reset/"));
                }
            }

            // Include the buffered content if we have it
            if (BC instanceof Map) {
                rcontext.put("bufferedResponse", Boolean.TRUE);
                Map<String, String> bufferMap = (Map<String, String>) BC;
                rcontext.put("responseHead", (String) bufferMap.get("responseHead"));
                rcontext.put("responseBody", (String) bufferMap.get("responseBody"));
            }

            // Add any device specific information to the context
            portal.setupMobileDevice(req, rcontext);

            addLocale(rcontext, site);

            portal.sendResponse(rcontext, res, "pda", null);

            try {
                boolean presenceEvents = ServerConfigurationService.getBoolean("presence.events.log", true);
                if (presenceEvents)
                    org.sakaiproject.presence.cover.PresenceService.setPresence(siteId + "-presence");
            } catch (Exception e) {
                // Presence logging is best effort; a failure here still ends the request normally.
                return END;
            }
            return END;
        } catch (Exception ex) {
            throw new PortalHandlerException(ex);
        }
    } else {
        return NEXT;
    }
}
From source file:org.ireland.jnetty.server.session.SessionManager.java
/**
 * Builds the session-id cookie for the given session.
 *
 * <p>Name, comment, domain, max-age, version and the HttpOnly setting come from this
 * manager's configuration; the Secure flag is whatever the caller passes in.
 *
 * @param session     the session whose id becomes the cookie value
 * @param contextPath the cookie path; {@code null} or empty is replaced by {@code "/"}
 * @param secure      value for the cookie's Secure flag
 * @return the configured cookie; it is not added to any response here
 */
public Cookie getSessionCookie(HttpSessionImpl session, String contextPath, boolean secure) {
    final String cookiePath;
    if (contextPath != null && contextPath.length() != 0) {
        cookiePath = contextPath;
    } else {
        cookiePath = "/";
    }

    final Cookie sessionCookie = new Cookie(_cookieName, session.getId());

    sessionCookie.setComment(_cookieComment);
    if (_cookieDomain != null) {
        sessionCookie.setDomain(_cookieDomain);
    }

    // Security attributes: HttpOnly follows the manager setting, Secure follows the caller.
    sessionCookie.setHttpOnly(isHttpOnly());
    sessionCookie.setSecure(secure);

    sessionCookie.setMaxAge((int) _cookieMaxAge);
    sessionCookie.setPath(cookiePath);
    sessionCookie.setVersion(_cookieVersion);

    return sessionCookie;
}
From source file:com.alfaariss.oa.util.web.CookieTool.java
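/**
 * Creates a cookie scoped to the application context, optionally narrowed by an extra
 * context path.
 *
 * <p>The path is {@code contextPath + extraContext}. When the application is hosted as the
 * server root (empty context path) the path is the extra context itself, or {@code "/"} when
 * there is none. Previously that case produced a path starting with a double slash
 * ({@code "/" + "/sso"}), which does not path-match the intended URLs.
 *
 * @param sCookie       the cookie name
 * @param sValue        the cookie value; must not be {@code null}
 * @param sExtraContext optional extra path below the context path; a leading {@code '/'} is
 *                      added when missing, {@code null} means no extra path
 * @param oRequest      the current request; supplies the context path
 * @return the created cookie; it is not added to any response here
 */
public Cookie createCookie(String sCookie, String sValue, String sExtraContext, HttpServletRequest oRequest) {
    // NOTE(review): these are Java assertions and only run when the JVM enables them (-ea).
    assert sValue != null : "Supplied value == null";
    assert oRequest != null : "Supplied request == null";

    Cookie cookie = new Cookie(sCookie, sValue);
    if (_sCookieDomain != null) {
        cookie.setDomain(_sCookieDomain);
        _logger.debug("Created domain cookie on " + _sCookieDomain);
    }

    if (_iCookieVersion != -1) {
        cookie.setVersion(_iCookieVersion);
        _logger.debug("Setting cookie version: " + _iCookieVersion);
    }

    // Normalise the extra context so that it is either empty or starts with '/'.
    if (sExtraContext == null) {
        sExtraContext = "";
    } else if (!sExtraContext.startsWith("/")) {
        sExtraContext = "/" + sExtraContext;
    }

    String path = oRequest.getContextPath();
    if (path != null && path.length() > 0) {
        // Only prefix the context path when it is non-empty; getContextPath() returns an
        // empty string when hosted as server root.
        cookie.setPath(path + sExtraContext);
    } else if (sExtraContext.length() > 0) {
        // The extra context already starts with '/', so it is the complete path.
        cookie.setPath(sExtraContext);
    } else {
        // No context path and no extra context: use '/' rather than the default path.
        cookie.setPath("/");
    }

    // The Secure flag comes from this tool's configuration field.
    // NOTE(review): HttpOnly is not set on this cookie by the code visible here.
    cookie.setSecure(_bSecureCookie);

    StringBuffer sbDebug = new StringBuffer("Created '");
    sbDebug.append(sCookie);
    sbDebug.append("' on path=");
    sbDebug.append(cookie.getPath());
    _logger.debug(sbDebug.toString());

    return cookie;
}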
From source file:com.adito.security.DefaultLogonController.java
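/**
 * Creates a logon ticket for the request's HTTP session, registers the resulting
 * {@code SessionInfo} and issues the two logon ticket cookies.
 *
 * <p>Both cookies are marked Secure. Previously the second {@code setSecure(true)} call was
 * applied to the first cookie again, so the domain logon ticket was sent without the Secure
 * flag and could travel over plain HTTP.
 *
 * @param request     the current request; its session receives the ticket and session info
 * @param response    the response that receives the ticket cookies
 * @param user        the user being logged on
 * @param address     the client address recorded in the session info
 * @param sessionType the session type recorded in the session info
 * @return the newly created session info
 */
private SessionInfo addLogonTicket(HttpServletRequest request, HttpServletResponse response, User user,
        InetAddress address, int sessionType) {
    String logonTicket = TicketGenerator.getInstance().generateUniqueTicket("SLX");
    if (log.isInfoEnabled()) {
        // NOTE(review): this writes the container session id to the log at INFO level;
        // consider whether a log reader should be able to see it.
        log.info("Adding logon ticket to session " + request.getSession().getId());
    }
    request.getSession().setAttribute(Constants.LOGON_TICKET, logonTicket);
    request.setAttribute(Constants.LOGON_TICKET, logonTicket);
    String userAgent = request.getHeader("User-Agent");
    SessionInfo info = SessionInfo.nextSession(request.getSession(), logonTicket, user, address, sessionType,
            userAgent);
    request.getSession().setAttribute(Constants.SESSION_INFO, info);

    try {
        // Index the logon by the session id the client presented in its session cookie.
        String sessionIdentifier = SystemProperties.get("adito.cookie", "JSESSIONID");
        String sessionId = null;
        Cookie[] cookies = request.getCookies();
        for (int i = 0; cookies != null && i < cookies.length; i++) {
            if (cookies[i].getName().equalsIgnoreCase(sessionIdentifier)) {
                sessionId = cookies[i].getValue();
                break;
            }
        }
        if (sessionId != null) {
            logonsBySessionId.put(sessionId, info);
        } else {
            log.warn("Could not find session id using identifier " + sessionIdentifier + " in HTTP request");
        }
    } catch (Exception ex) {
        log.warn("Failed to determine HTTP session id", ex);
    }
    logons.put(logonTicket, info);

    // Set the normal logon ticket without a domain - this works in almost all circumstances.
    Cookie cookie = new Cookie(Constants.LOGON_TICKET, logonTicket);
    cookie.setMaxAge(Property.getPropertyInt(new SystemConfigKey("security.session.maxCookieAge")));
    cookie.setPath("/");
    cookie.setSecure(true);
    response.addCookie(cookie);

    // Set a logon ticket for the domain - this is required to make active dns work.
    Cookie cookie2 = new Cookie(Constants.DOMAIN_LOGON_TICKET, logonTicket);
    cookie2.setMaxAge(Property.getPropertyInt(new SystemConfigKey("security.session.maxCookieAge")));
    cookie2.setPath("/");
    // The domain is set on the cookie so the Active DNS feature for Reverse Proxy works.
    // NOTE(review): the Host header is supplied by the client and decides the Domain of a
    // cookie that carries the logon ticket; confirm HostService restricts it to expected hosts.
    String host = request.getHeader("Host");
    if (host != null) {
        HostService hostService = new HostService(host);
        cookie2.setDomain(hostService.getHost());
    }
    // Fix: mark the domain ticket itself as Secure (this call used to target `cookie`).
    cookie2.setSecure(true);
    response.addCookie(cookie2);

    return info;
}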
From source file:com.sslexplorer.security.DefaultLogonController.java
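/**
 * Creates a logon ticket for the request's HTTP session, registers the resulting
 * {@code SessionInfo} and issues the two logon ticket cookies.
 *
 * <p>Both cookies are marked Secure. Previously the second {@code setSecure(true)} call was
 * applied to the first cookie again, so the domain logon ticket was sent without the Secure
 * flag and could travel over plain HTTP.
 *
 * @param request     the current request; its session receives the ticket and session info
 * @param response    the response that receives the ticket cookies
 * @param user        the user being logged on
 * @param address     the client address recorded in the session info
 * @param sessionType the session type recorded in the session info
 * @return the newly created session info
 */
private SessionInfo addLogonTicket(HttpServletRequest request, HttpServletResponse response, User user,
        InetAddress address, int sessionType) {
    String logonTicket = TicketGenerator.getInstance().generateUniqueTicket("SLX");
    if (log.isInfoEnabled()) {
        // NOTE(review): this writes the container session id to the log at INFO level;
        // consider whether a log reader should be able to see it.
        log.info("Adding logon ticket to session " + request.getSession().getId());
    }
    request.getSession().setAttribute(Constants.LOGON_TICKET, logonTicket);
    request.setAttribute(Constants.LOGON_TICKET, logonTicket);
    String userAgent = request.getHeader("User-Agent");
    SessionInfo info = SessionInfo.nextSession(request.getSession(), logonTicket, user, address, sessionType,
            userAgent);
    request.getSession().setAttribute(Constants.SESSION_INFO, info);

    try {
        // Index the logon by the session id the client presented in its session cookie.
        String sessionIdentifier = SystemProperties.get("sslexplorer.cookie", "JSESSIONID");
        String sessionId = null;
        Cookie[] cookies = request.getCookies();
        for (int i = 0; cookies != null && i < cookies.length; i++) {
            if (cookies[i].getName().equalsIgnoreCase(sessionIdentifier)) {
                sessionId = cookies[i].getValue();
                break;
            }
        }
        if (sessionId != null) {
            logonsBySessionId.put(sessionId, info);
        } else {
            log.warn("Could not find session id using identifier " + sessionIdentifier + " in HTTP request");
        }
    } catch (Exception ex) {
        log.warn("Failed to determine HTTP session id", ex);
    }
    logons.put(logonTicket, info);

    // Set the normal logon ticket without a domain - this works in almost all circumstances.
    Cookie cookie = new Cookie(Constants.LOGON_TICKET, logonTicket);
    cookie.setMaxAge(Property.getPropertyInt(new SystemConfigKey("security.session.maxCookieAge")));
    cookie.setPath("/");
    cookie.setSecure(true);
    response.addCookie(cookie);

    // Set a logon ticket for the domain - this is required to make active dns work.
    Cookie cookie2 = new Cookie(Constants.DOMAIN_LOGON_TICKET, logonTicket);
    cookie2.setMaxAge(Property.getPropertyInt(new SystemConfigKey("security.session.maxCookieAge")));
    cookie2.setPath("/");
    // The domain is set on the cookie so the Active DNS feature for Reverse Proxy works.
    // NOTE(review): the Host header is supplied by the client and decides the Domain of a
    // cookie that carries the logon ticket; confirm HostService restricts it to expected hosts.
    String host = request.getHeader("Host");
    if (host != null) {
        HostService hostService = new HostService(host);
        cookie2.setDomain(hostService.getHost());
    }
    // Fix: mark the domain ticket itself as Secure (this call used to target `cookie`).
    cookie2.setSecure(true);
    response.addCookie(cookie2);

    return info;
}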
From source file:com.adito.security.DefaultLogonController.java
/**
 * Issues the two logon ticket cookies once per request.
 *
 * <p>The request attribute {@code sslx.logon.cookie} marks a request that already received
 * the cookies; when it is present the method does nothing. Two separate tickets are sent -
 * one without a domain and one with the domain taken from the Host field - so that tickets
 * are also sent across domains. Both cookies are marked Secure.
 *
 * @param request     the handler request; supplies the Host field and carries the marker
 * @param response    the handler response that receives the cookies
 * @param logonTicket the ticket value stored in both cookies
 * @param session     the session info; not used by this method
 */
public void addCookies(RequestHandlerRequest request, RequestHandlerResponse response, String logonTicket,
        SessionInfo session) {
    if (request.getAttribute("sslx.logon.cookie") != null) {
        return;
    }

    // Plain ticket, no domain - works in almost all circumstances.
    final Cookie ticketCookie = new Cookie(Constants.LOGON_TICKET, logonTicket);
    ticketCookie.setSecure(true);
    ticketCookie.setPath("/");
    ticketCookie.setMaxAge(Property.getPropertyInt(new SystemConfigKey("security.session.maxCookieAge")));
    response.addCookie(ticketCookie);

    // Domain ticket - required for the Active DNS feature of the reverse proxy.
    final Cookie domainTicketCookie = new Cookie(Constants.DOMAIN_LOGON_TICKET, logonTicket);
    domainTicketCookie.setSecure(true);
    domainTicketCookie.setPath("/");
    domainTicketCookie.setMaxAge(Property.getPropertyInt(new SystemConfigKey("security.session.maxCookieAge")));

    // NOTE(review): the Host field is supplied by the client and decides the Domain of a
    // cookie that carries the logon ticket; confirm HostService restricts it to expected hosts.
    final String hostField = request.getField("Host");
    if (hostField != null) {
        domainTicketCookie.setDomain(new HostService(hostField).getHost());
    }
    response.addCookie(domainTicketCookie);

    // Mark the request so the cookies are not added a second time.
    request.setAttribute("sslx.logon.cookie", new Object());
}
From source file:com.kodemore.servlet.ScServletData.java
/**
 * Stores a cookie that is shared across the whole domain, regardless of the servlet path.
 *
 * <p>The value is passed through {@code Kmu.encodeUtf8} before it is stored. The Secure flag
 * is set only when the caller asks for it.
 *
 * @param key           the cookie name
 * @param value         the cookie value before encoding
 * @param expireSeconds the max-age in seconds; {@code null} leaves the cookie's default
 * @param secure        whether to mark the cookie Secure
 */
public void setCookie(String key, String value, Integer expireSeconds, boolean secure) {
    final String encodedValue = Kmu.encodeUtf8(value);
    final Cookie c = new Cookie(key, encodedValue);

    // Path "/" makes the cookie visible to every path on the host.
    c.setPath("/");

    // NOTE(review): HttpOnly is not set here; whether _setCookie adds it cannot be seen
    // from this method.
    if (secure) {
        c.setSecure(true);
    }

    if (expireSeconds != null) {
        c.setMaxAge(expireSeconds);
    }

    _setCookie(c);
}