geronimo-scm mailing list archives

Subject svn commit: r945012 - /geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/
Date Mon, 17 May 2010 08:18:31 GMT
Author: xuhaihong
Date: Mon May 17 08:18:30 2010
New Revision: 945012

Although setHttpOnly is recommended for preventing scripts from reading the cookie values, it
would bust DWR. By default, we will turn it off in the GeronimoStandardContext. Tomcat 7
uses the value configured in web.xml and context to determine whether or not this option
is turned on/off, so users should still have a chance to enable it by configuring the cookie-config
in web.xml.


Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/
Mon May 17 08:18:30 2010
@@ -120,6 +120,9 @@ public class GeronimoStandardContext ext
         // disable Tomcat startup TLD scanning
+        // By default, we configure HttpOnly with false value, as it would cause DWR fail
to work
+        //On the runtime, Tomcat will determine the value based on the configurations in
web.xml and context, so the users still have a chance to open it via web.xml
+        setUseHttpOnly(false);
     public void setContextProperties(TomcatContext ctx) throws DeploymentException {
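
Review bot: The unconditional `setUseHttpOnly(false);` added below the TLD-scanning comment turns HttpOnly off by default for every application that runs on GeronimoStandardContext in order to accommodate one library (DWR), so cookies that would otherwise carry the flag become readable from page script. The new comment says Tomcat decides the final value from web.xml and the context at runtime, but nothing in this hunk shows that precedence; please reference the Tomcat 7 code path or add a test showing that a `cookie-config` with `http-only` set to true still takes effect after this call. Consider making this a configurable or per-application opt-out instead of a container-wide default, and have the comment state the security trade-off explicitly. Minor style: `//On the runtime` is missing the space after `//`, and both comment lines are long enough to wrap.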
