如何在Servlet响应中添加多个“Set-Cookie”头？

Question

如何在Servlet响应中添加多个“Set-Cookie”头？

5

根据RFC https://www.rfc-editor.org/rfc/rfc6265#page-7，允许有两个具有相同键名“Set-Cookie”的标头。RFC提供的示例为：

Set-Cookie: SID=31d4d96e407aad42; Path=/; Secure; HttpOnly
Set-Cookie: lang=en-US; Path=/; Domain=example.com

我该如何在Jetty（或任何其他servlet容器）中实现同样的效果？当我这样调用httpServletResponse.addHeader时-

httpServletResponse.addHeader("Set-Cookie", "SID=31d4d96e407aad42; Path=/; Secure; HttpOnly");
httpServletResponse.addHeader("Set-Cookie", "lang=en-US; Path=/; Domain=example.com");

我发现第二个addHeader()并没有添加新的头信息。根据该方法的javadoc文档——

添加给定名称和值的响应头。此方法允许响应头具有多个值。

所以似乎允许有多个值，但我不确定如何在servlet响应中有多个“Set-Cookie”。

- gauravphoenix

这在Jetty 9上原样工作，完全按照您的预期执行，并产生与@defectus（下面）显示相同的结果。 - Joakim Erdfelt

2个回答

1

也许这不是你想要的答案，但我刚刚尝试了一下，它立即就起作用了：

Set-Cookie:SID=31d4d96e407aad42; Path=/; Secure; HttpOnly
Set-Cookie:lang=en-US; Path=/; Domain=example.com
Set-Cookie:JSESSIONID=76A68D96ED044DDFF0CC266810F52DDA; Path=/; HttpOnly

这就是响应的样子。也许是你特定的网络容器或实现的问题。尝试调试应用程序（使用远程调试工具），找出标题丢失的位置。

- defectus

你使用的是哪个Servlet容器？（Jetty/tomcat等）另外，能否分享一下你的代码？非常感谢你的尝试！ - gauravphoenix

网页内容由stack overflow 提供, 点击上面的

可以查看英文原文，
原文链接

- Joakim Erdfelt · Accepted Answer

直接设置Cookie有些笨拙，考虑到Servlet API专门为处理Cookie提供了方法。测试结果表明，在Jetty 9.3.0.v20150612中的工作正常。

示例：SetCookieTest.java

package jetty;

import static org.hamcrest.Matchers.*;
import static org.junit.Assert.*;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.PrintWriter;
import java.net.Socket;
import java.nio.charset.StandardCharsets;

import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.Test;

public class SetCookieTest
{
    @SuppressWarnings("serial")
    public static class SetCookieAddHeaderServlet extends HttpServlet
    {
        @Override
        protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException
        {
            resp.setContentType("text/plain");
            resp.addHeader("Set-Cookie","SID=31d4d96e407aad42; Path=/; Secure; HttpOnly");
            resp.addHeader("Set-Cookie","lang=en-US; Path=/; Domain=example.com");
            PrintWriter out = resp.getWriter();
            out.println("Hello From: " + this.getClass().getName());
        }
    }

    @SuppressWarnings("serial")
    public static class SetCookieAddCookieServlet extends HttpServlet
    {
        @Override
        protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException
        {
            resp.setContentType("text/plain");

            // Set-Cookie: SID=31d4d96e407aad42; Path=/; Secure; HttpOnly
            Cookie sidCookie = new Cookie("SID","31d4d96e407aad42");
            sidCookie.setPath("/");
            sidCookie.setSecure(true);
            sidCookie.setHttpOnly(true);
            resp.addCookie(sidCookie);

            // Set-Cookie: lang=en-US; Path=/; Domain=example.com
            Cookie langCookie = new Cookie("lang","en-US");
            langCookie.setPath("/");
            langCookie.setDomain("example.com");
            resp.addCookie(langCookie);

            PrintWriter out = resp.getWriter();
            out.println("Hello From: " + this.getClass().getName());
        }
    }

    private static Server server;

    @BeforeClass
    public static void startServer() throws Exception
    {
        server = new Server(9090);
        ServletContextHandler context = new ServletContextHandler(ServletContextHandler.SESSIONS);
        context.addServlet(SetCookieAddHeaderServlet.class,"/test-add-header");
        context.addServlet(SetCookieAddCookieServlet.class,"/test-add-cookie");
        server.setHandler(context);
        server.start();
    }

    @AfterClass
    public static void stopServer() throws Exception
    {
        server.stop();
    }

    /**
     * Issue simple GET request, returning entire response (including payload)
     * 
     * @param uri
     *            the URI to request
     * @return the response
     */
    private String issueSimpleHttpGetRequest(String path) throws IOException
    {
        StringBuilder req = new StringBuilder();
        req.append("GET ").append(path).append(" HTTP/1.1\r\n");
        req.append("Host: localhost\r\n");
        req.append("Connection: close\r\n");
        req.append("\r\n");

        // Connect
        try (Socket socket = new Socket("localhost",9090))
        {
            try (OutputStream out = socket.getOutputStream())
            {

                // Issue Request
                byte rawReq[] = req.toString().getBytes(StandardCharsets.UTF_8);
                out.write(rawReq);
                out.flush();

                // Read Response
                StringBuilder resp = new StringBuilder();
                try (InputStream stream = socket.getInputStream();
                        InputStreamReader reader = new InputStreamReader(stream);
                        BufferedReader buf = new BufferedReader(reader))
                {
                    String line;
                    while ((line = buf.readLine()) != null)
                    {
                        resp.append(line).append(System.lineSeparator());
                    }
                }

                // Return Response
                return resp.toString();
            }
        }
    }

    @Test
    public void testAddHeader() throws Exception
    {
        String response = issueSimpleHttpGetRequest("/test-add-header");
        System.out.println(response);
        assertThat("response", response, containsString("Set-Cookie: SID=31d"));
        assertThat("response", response, containsString("Set-Cookie: lang=en-US"));
    }

    @Test
    public void testAddCookie() throws Exception
    {
        String response = issueSimpleHttpGetRequest("/test-add-cookie");
        System.out.println(response);
        assertThat("response", response, containsString("Set-Cookie: SID=31d"));
        assertThat("response", response, containsString("Set-Cookie: lang=en-US"));
    }
}

控制台输出

2015-06-25 14:18:19.186:INFO::main: Logging initialized @167ms
2015-06-25 14:18:19.241:INFO:oejs.Server:main: jetty-9.3.0.v20150612
2015-06-25 14:18:19.276:INFO:oejsh.ContextHandler:main: Started o.e.j.s.ServletContextHandler@56cbfb61{/,null,AVAILABLE}
2015-06-25 14:18:19.288:INFO:oejs.ServerConnector:main: Started ServerConnector@1ef05443{HTTP/1.1,[http/1.1]}{0.0.0.0:9090}
2015-06-25 14:18:19.289:INFO:oejs.Server:main: Started @270ms
HTTP/1.1 200 OK
Date: Thu, 25 Jun 2015 21:18:19 GMT
Content-Type: text/plain;charset=iso-8859-1
Set-Cookie: SID=31d4d96e407aad42;Path=/;Secure;HttpOnly
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: lang=en-US;Path=/;Domain=example.com
Connection: close
Server: Jetty(9.3.0.v20150612)

Hello From: jetty.SetCookieTest$SetCookieAddCookieServlet

HTTP/1.1 200 OK
Date: Thu, 25 Jun 2015 21:18:19 GMT
Content-Type: text/plain;charset=iso-8859-1
Set-Cookie: SID=31d4d96e407aad42; Path=/; Secure; HttpOnly
Set-Cookie: lang=en-US; Path=/; Domain=example.com
Connection: close
Server: Jetty(9.3.0.v20150612)

Hello From: jetty.SetCookieTest$SetCookieAddHeaderServlet

2015-06-25 14:18:19.405:INFO:oejs.ServerConnector:main: Stopped ServerConnector@1ef05443{HTTP/1.1,[http/1.1]}{0.0.0.0:9090}
2015-06-25 14:18:19.407:INFO:oejsh.ContextHandler:main: Stopped o.e.j.s.ServletContextHandler@56cbfb61{/,null,UNAVAILABLE}