tomcat-dev mailing list archives

From billbar...@apache.org
Subject cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/modules/session SessionId.java
Date Thu, 31 Oct 2002 06:24:59 GMT
billbarker    2002/10/30 22:24:59

  Modified:    src/share/org/apache/tomcat/modules/session SessionId.java
  Log:
  Disable session sharing when switching from HTTPS to HTTP.
  
  There is a new "secureCookie" attribute that can be set to "false" to continue to use the
old behavior where session sharing is enabled.
  
  The default behavior could be changed, if consistency is considered to be more important
than security.
  
  Now Craig doesn't have to vote against the 3.3.2 release. ;)
  
  Revision  Changes    Path
  1.21      +13 -0     jakarta-tomcat/src/share/org/apache/tomcat/modules/session/SessionId.java
  
  Index: SessionId.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/session/SessionId.java,v
  retrieving revision 1.20
  retrieving revision 1.21
  diff -u -r1.20 -r1.21
  --- SessionId.java	22 Aug 2002 06:04:29 -0000	1.20
  +++ SessionId.java	31 Oct 2002 06:24:59 -0000	1.21
  @@ -97,6 +97,7 @@
       boolean cookiesFirst=true;
       boolean checkSSLSessionId=false;
       boolean ignoreCase=false;
  +    boolean secureCookie=true;
       
       public SessionId() {
   	ignoreCase= (File.separatorChar  == '\\');
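Review bot: The new field `boolean secureCookie=true;` has no comment, and its default of true changes behaviour for existing deployments that carry one session across HTTPS and HTTP. Suggest a one-line comment on the field saying what it controls and that true is the secure default, and a matching entry in the module's configuration documentation so administrators know that setting secureCookie to "false" is the opt-out.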
  @@ -124,6 +125,15 @@
   	return ignoreCase;
       }
   
  +    /** Use secure cookies for SSL connections.
  +     */
  +    public void setSecureCookie(boolean sc) {
  +	secureCookie = sc;
  +    }
  +
  +    public boolean getSecureCookie() {
  +	return secureCookie;
  +    }
       
       /** Extract the session id from the request.
        * SessionInterceptor will have to be called _before_ mapper,
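Review bot: The Javadoc on `setSecureCookie` says only "Use secure cookies for SSL connections", and `getSecureCookie` has no Javadoc at all, so neither states the default or what disabling the option does. Suggest stating in the setter's comment that the default is true, that the Secure attribute is added only when the request itself is secure, and that false restores the old behaviour of sharing the session between HTTPS and HTTP.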
  @@ -358,6 +368,9 @@
   	StringBuffer buf = new StringBuffer();
   	buf.append( "JSESSIONID=" ).append( reqSessionId );
   	buf.append( ";Path=" ).append(  sessionPath  );
  +	if( secureCookie && rrequest.isSecure() ) {
  +	    buf.append(";Secure");
  +	}
   	response.addHeader( "Set-Cookie",
   			    buf.toString());
   	if( debug>0) log( "Setting cookie " + buf );
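Review bot: The check `if( secureCookie && rrequest.isSecure() )` is evaluated only when this Set-Cookie header is written, so a session whose cookie was first set on a plain HTTP request keeps a cookie without the Secure attribute even after the client moves to HTTPS. If the goal is that a session used over SSL is never carried by a cookie that can travel in clear text, that direction needs either a new session id on the first secure request or a note in the documentation that only sessions created over HTTPS are protected.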
  
  
  
