When using the expires flag, the date must be exactly in the format you are currently using, as well as in the GMT (Greenwich Mean Time) timezone. The reason that your cookie does not get expired 2 minutes after it has been created is because you are using datetime.now(), which returns the current local date … Read more
You are right, manually setting header is the right way to achive your goal. You can also use javax.ws.rs.core.NewCookie or any other class with useful toString method to print cookie to a header to make things more simple. public static String getHttpOnlyCookieHeader(Cookie cookie) { NewCookie newCookie = new NewCookie(cookie.getName(), cookie.getValue(), cookie.getPath(), cookie.getDomain(), cookie.getVersion(), cookie.getComment(), cookie.getMaxAge(), … Read more
I’ll try to answer this in a generic way so that the answer is applicable across frameworks, implementations and languages because the answers to all the questions can be derived from the general protocol or algorithm specifications. Which OAuth 2.0 grant type should I use? This is the first thing to be decided. When it … Read more