检查代码逻辑,当客户端不需要读取cookie时,将HttpOnly属性设为true。

    1. Cookie cookie = new Cookie("myCookieName", value);
    2. cookie.setHttpOnly(true);