\\ 在Jsp文件头引入
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
\\ 在登录的jsp中添加
<%
//增加随机数,解决 CSRF 漏洞
String uuid = UUID.randomUUID().toString().replaceAll("-", "");
request.getSession().setAttribute("randTxt",uuid);
//设置cookie只读
String sessionid = request.getSession().getId();
response.setHeader("SET-COOKIE", "JSESSIONID=" + sessionid + "; secure ; HttpOnly");
%>
\\ form表单中添加一个隐藏域:Input
<input type="hidden" name="randSesion" value = "<%=request.getSession().getAttribute("randTxt")%>" />
网友评论