Commit 03f09aad authored by 王炜's avatar 王炜

调整cookies中userid为HttpOnly预防篡改,针对动态页面&静态页面使用系统通用授权查询增加预防sql注入。本需求暂无需上线,仅做git留档

parent d0c76c47
......@@ -57,6 +57,8 @@ public class DefaultLoginAdaptor implements ILoginAdaptor {
private static final boolean VALIDATE_CAPTCHA = true;
private static final boolean COOKIES_HTTP_ONLY= true;
// 校验码
private static final String KEY_VERIFICODE = "verifiCode";
......@@ -519,6 +521,7 @@ public class DefaultLoginAdaptor implements ILoginAdaptor {
Cookie cookie = new Cookie(cookieName, cookieValue);
cookie.setPath(StringUtils.defaultIfEmpty(request.getContextPath(), "/"));
cookie.setMaxAge(-1);
cookie.setHttpOnly(COOKIES_HTTP_ONLY);
response.addCookie(cookie);
}
......
This diff is collapsed.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment