Cookie的setHttpOnly()和setSecure()

https://openhome.cc/Gossip/ServletJSP/Cookie.html

https://ajoshow.com/2017/07/19/201707192223/

 

Spring設定
https://www.itread01.com/content/1558404302.html
public class MainWebAppInitializer implements WebApplicationInitializer {
    @Override
    public void onStartup(ServletContext sc) throws ServletException {
        sc.getSessionCookieConfig().setHttpOnly(true);        
        sc.getSessionCookieConfig().setSecure(true);        
    }
}