--- C:/Documents and Settings/Jim/workspace/tomcat-trunk/java/javax/servlet/http/Cookie.java (revision 642698)
+++ C:/Documents and Settings/Jim/workspace/tomcat-trunk/java/javax/servlet/http/Cookie.java (working copy)
@@ -87,6 +87,7 @@
 private int maxAge = -1; // ;Max-Age=VALUE ... cookies auto-expire
 private String path; // ;Path=VALUE ... URLs that see the cookie
 private boolean secure; // ;Secure ... e.g. use SSL
+ private boolean httpOnly; // ;HttpOnly ... e.g. block javascript access
 private int version = 0; // ;Version=1 ... means RFC 2109++ style
@@ -336,6 +337,45 @@
 /**
+ * Indicates to the browser whether the cookie can be accessed
+ * via Javascript
+ *
+ *
The default value is false
.
+ *
+ * @param flag if true
, sends the cookie with the HttpOnly flag
+ * preventing some browsers from accessing the cookie data via javascript
+ * if false
, javascript has full access to cookie
+ * data in all browsers
+ *
+ * @see #getHttpOnly
+ *
+ */
+
+ public void setHttpOnly(boolean flag) {
+ httpOnly = flag;
+ }
+
+
+
+
+ /**
+ * Returns true
if the cookie has the httpOnly flag set,
+ * or false
if javascript has full access
+ * to cookie data
+ *
+ * @return true
if the cookie has httpOnly set;
+ * otherwise, false
+ *
+ * @see #setHttpOnly
+ *
+ */
+
+ public boolean getHttpOnly() {
+ return httpOnly;
+ }
+
+
+ /**
* Indicates to the browser whether the cookie should only be sent
* using a secure protocol, such as HTTPS or SSL.
*
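Review bot: Nothing in the visible hunks emits the attribute: `setHttpOnly` only stores the boolean, so unless the code that serialises the cookie into `Set-Cookie` (outside this diff) is changed to append `; HttpOnly` when `getHttpOnly()` is true, callers will believe the cookie is hidden from script when it is not. The Javadoc should also state the limits of the flag, for example `HttpOnly only asks the browser to hide the cookie from script; it does not restrict transport, so combine it with setSecure(true) for session cookies`. Because the documented default is `false`, any cookie the container creates itself stays script-readable unless that code opts in, so it is worth confirming this default is intended. Separately, this adds a public method to a `javax.servlet` API class, so applications that call it may not compile against another container's copy of the API.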
@@ -374,8 +414,6 @@
-
-
/**
* Returns the name of the cookie. The name cannot be changed after
* creation.