In my application, I added secure flags to the session header using this solution: https://stackoverflow.com/a/16616225
I experienced the following problem:
- It works when I deploy to the remote machine. I can connect to it, no problems!
- It does not work on my local, because http://localhost:7001 is no longer valid, I need to use HTTPS connection (https://localhost:7001).
The question is that can I enable or know that I am deploying on my local and I will use HTTP connection instead of HTTPS? Like writing a switch case so that when I deploy it locally, I won't use HTTPS and when I deploy to remote server, I will use HTTPS?
public class SecurityFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
// wrap the response
HttpServletResponse response = new SecureCookieSetter((HttpServletResponse)res);
// touch the session, so that it is added to the response header
((HttpServletRequest)req).getSession();
response.setHeader("Set-Cookie", "JSESSIONID=" + ((HttpServletRequest)req).getSession().getId() + ";Path=/");
HttpServletResponse response = (HttpServletResponse)res;
chain.doFilter(req, response);
}
@Override
public void destroy() {
}
}
<filter>
<filter-name>SecurityFilter</filter-name>
<filter-class>package.SecurityFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>SecurityFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
