tomcat-dev mailing list archives

From "Bill Barker" <wbar...@wilshire.com>
Subject Re: [PATCH] Bug 22905 - set secure option in cookie for JSESSIONID when communicating via SSL
Date Wed, 03 Sep 2003 07:29:10 GMT
I know that "patches are always welcome", but a variant of this has been in
3.3.2-dev (aka nightly) for a very long time.

----- Original Message ----- 
From: "Kubo Hiroshi" <hiroshi@netird.ad.jp>
To: <tomcat-dev@jakarta.apache.org>
Sent: Wednesday, September 03, 2003 12:13 AM
Subject: [PATCH] Bug 22905 - set secure option in cookie for JSESSIONID when
communicating via SSL


> This patch adds a "secureCookie" option to the SessionId Interceptor.
>
> For example,
>
> <SessionId cookiesFirst="true" noCookies="false" secureCookie="true" />
>
> If secureCookie is set to "true", the cookie for JSESSIONID sent via an SSL
> connection will have the "Secure" option.
>
> The patch below is for Tomcat-3.3.1a.
>
>
> Hiroshi
>
> ===================================================================
> --- src/share/org/apache/tomcat/modules/session/SessionId.java.orig Wed
Sep  3 15:34:11 2003
> +++ src/share/org/apache/tomcat/modules/session/SessionId.java Wed Sep  3
15:04:22 2003
> @@ -96,6 +96,7 @@
>      boolean noCookies=false;
>      boolean cookiesFirst=true;
>      boolean checkSSLSessionId=false;
> +    boolean secureCookie=false;
>
>      public SessionId() {
>      }
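
Review bot: the new `secureCookie` field defaults to `false`, so every existing configuration keeps sending JSESSIONID without Secure over SSL until someone adds `secureCookie="true"`. Because the flag is only honoured on secure requests (see the condition in the last hunk), consider defaulting it to `true`, or at least state the default where the SessionId options are documented.
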
> @@ -112,6 +113,10 @@
>          this.checkSSLSessionId = checkSSLSessionId;
>      }
>
> +    public void setSecureCookie(boolean secureCookie) {
> +        this.secureCookie = secureCookie;
> +    }
> +
>
>      /** Extract the session id from the request.
>       * SessionInterceptor will have to be called _before_ mapper,
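
Review bot: `setSecureCookie` is added without a Javadoc comment, while the method that follows it in this hunk has one. A one-line comment saying that the option adds Secure to the JSESSIONID cookie only on secure requests would document it. The hunk also leaves two consecutive blank lines after the setter; one of them can go.
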
> @@ -341,6 +346,9 @@
>   StringBuffer buf = new StringBuffer();
>   buf.append( "JSESSIONID=" ).append( reqSessionId );
>   buf.append( ";Path=" ).append(  sessionPath  );
> + if ( secureCookie && rrequest.isSecure() ) {
> +            buf.append( ";Secure" );
> +        }
>   response.addHeader( "Set-Cookie",
>       buf.toString());
>   if( debug>0) log( "Setting cookie " + buf );
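
Review bot: in `if ( secureCookie && rrequest.isSecure() )`, whether Secure is set depends on the request that triggers this Set-Cookie, so a session first created over plain HTTP gets a cookie without Secure, and nothing in this hunk reissues it once the client moves to SSL. That limitation should be documented with the option. The added lines are also indented differently from the surrounding `buf.append` lines and should match them.
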
>
>
>
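
A way to verify the behaviour this option is meant to produce, as an added example that is not part of the original message or the patch: the check below parses Set-Cookie values in the `JSESSIONID=...;Path=...;Secure` shape the patched code emits and reports session cookies set over HTTPS without the Secure attribute. The function names, the `shop.example` URLs and the sample headers are assumptions constructed for illustration.

```python
# Added example: audit Set-Cookie headers for a JSESSIONID that lacks Secure.
def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, cookie_value, attrs dict)."""
    parts = [p.strip() for p in value.split(";")]
    name, _, cookie_value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive; store them lower-cased.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), cookie_value, attrs


def session_cookie_findings(responses, cookie_name="JSESSIONID"):
    """Return (url, raw header) for session cookies set over HTTPS without Secure.

    responses: iterable of (url, [Set-Cookie header values]).
    """
    findings = []
    for url, set_cookie_values in responses:
        over_tls = url.lower().startswith("https://")
        for raw in set_cookie_values:
            name, _, attrs = parse_set_cookie(raw)
            if name != cookie_name:
                continue
            if over_tls and "secure" not in attrs:
                findings.append((url, raw))
    return findings


# Constructed sample responses (not captured from a real server).
SAMPLE = [
    ("https://shop.example/app/login", ["JSESSIONID=A1B2C3;Path=/app;Secure"]),
    ("https://shop.example/app/cart", ["JSESSIONID=D4E5F6;Path=/app"]),
    # "secure" appears only inside the Path value; a substring match would pass it.
    ("https://shop.example/secure/", ["JSESSIONID=0A0B0C;Path=/secure"]),
    # Plain HTTP: the patch never adds Secure here, so this check skips it.
    ("http://shop.example/app/", ["JSESSIONID=FFEEDD;Path=/app"]),
    ("https://shop.example/app/", ["theme=dark; Path=/app"]),
]

if __name__ == "__main__":
    for url, raw in session_cookie_findings(SAMPLE):
        print(f"missing Secure: {url} -> {raw}")
```

Parsing the attributes instead of searching the header for the word "Secure" is what keeps the `Path=/secure` case from being reported as compliant.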

