felix-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Bosschaert (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (FELIX-5099) JSESSIONID Cookie in HTTPS Session Without 'Secure' and ‘HttpOnly’ Attributes
Date Thu, 19 Nov 2015 14:03:10 GMT

     [ https://issues.apache.org/jira/browse/FELIX-5099?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

David Bosschaert resolved FELIX-5099.
-------------------------------------
    Resolution: Fixed

Thanks for the patch [~asanso]! I've applied it in http://svn.apache.org/viewvc?view=revision&revision=1715183

> JSESSIONID Cookie in HTTPS Session Without 'Secure' and ‘HttpOnly’ Attributes
> -----------------------------------------------------------------------------
>
>                 Key: FELIX-5099
>                 URL: https://issues.apache.org/jira/browse/FELIX-5099
>             Project: Felix
>          Issue Type: Bug
>          Components: HTTP Service
>            Reporter: Antonio Sanso
>            Assignee: David Bosschaert
>         Attachments: FELIX-5099-patch.txt
>
>
> The session Cookie JSESSIONID has not the attributes HttpOnly and Secure; 
> There is already a pull request to address the HttpOnly case in https://github.com/apache/felix/pull/12/files
> Same approach can be used to address the secure flag



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message