[JAVA] Set cookies with Spring Boot


You just have to define a bean that returns a ServletContextInitializer.

Write the following code in an appropriate Application class


    public ServletContextInitializer servletContextInitializer(@Value("${secure.cookie}")boolean secure) {
        return servletContext -> {

set to httponly


        return servletContext -> {

Add secure attribute

        return servletContext -> {

It may be a hindrance when developing locally, so it may be more convenient to get it from properties and set it to true in the prod setting.

    public ServletContextInitializer servletContextInitializer(@Value("${secure.cookie}")boolean secure) {
        return servletContext -> {

Do not give JSESSIONID to URL

If cookies are not available, you will try to manage the session with the URL, which should be avoided. Even if cookies can be used, the JESSION ID will be given to the URL only for the first access. Since Spring Boot uses Servlet 3.0, you can narrow down to cookies only by setting Session Tracking Mode.

        return servletContext -> {

This is synonymous with the following settings in web.xml.



If you set these together, it will look like this

    public ServletContextInitializer servletContextInitializer(@Value("${secure.cookie}")boolean secure) {

        ServletContextInitializer servletContextInitializer = new ServletContextInitializer() {
            public void onStartup(ServletContext servletContext) throws ServletException {
        return servletContextInitializer;

reference https://www.glamenv-septzen.net/view/1093

