tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eduardo Campoy" <ecam...@novell.com>
Subject Re: Question on Tomcat 4
Date Thu, 27 Nov 2003 16:11:42 GMT
Great News, and thanks a lot. 
But How do i implement this feature ?????




Eduardo Campoy
Technology Account Manager
Novell, THE leading provider of net business solutions
Tel - 55 11 3345-3938
Cel - 55 11 9232-7456
AIM - ecampoy sao
MSN - eduardocampoy@hotmail.com

>>> wbarker@wilshire.com 11/26/03 5:55 PM >>>
The "secureCookie" attribute was added to 3.3.2 only to allow backwards
compatibility with 3.3.1.  Like Tomcat 4 and higher, the default is
'true'.
It's a pretty small patch:
http://cvs.apache.org/viewcvs/jakarta-tomcat/src/share/org/apache/tomcat/mod
ules/session/SessionId.java.diff?r1=1.20&r2=1.21

if you just want to add the feature to 3.3.1.  Like Yoav said, TC 4 and
higher always uses secure cookies.

----- Original Message -----
From: "Shapira, Yoav" <Yoav.Shapira@mpi.com>
To: "Tomcat Developers List" <tomcat-dev@jakarta.apache.org>
Sent: Wednesday, November 26, 2003 8:37 AM
Subject: RE: Question on Tomcat 4



Howdy,
Tomcat 4 and later are so different from 3.x.  I suggest you do the
migration, if only for the speed and feature increases.  I don't think
there's an "attribute" called "secureCookie" in tomcat4, as there is no
"un-secure" mode.  Perhaps a tomcat 3 guru like Senor Barker can fill in
more information...

Yoav Shapira
Millennium ChemInformatics


>-----Original Message-----
>From: Eduardo Campoy [mailto:ecampoy@novell.com]
>Sent: Wednesday, November 26, 2003 11:33 AM
>To: tomcat-dev@jakarta.apache.org
>Cc: Jason Rivard
>Subject: Question on Tomcat 4
>
>Hello,
>
>I am using Tomcat 3.3.1 with Internet Web Application and after doing a
>ETHICAL HACKING TEST, they discovered a problem in Tomcat session
cookie
>(JSESSIONID).
>After reading Tomcat 3.3.2 manual , there is a atribute called
>"secureCookie" that resolve my issue. BUT tomcat 3.3.2 is not released
>yet.
>My question is "Does this atribute called "secureCookie" exist in
>TOMCAT 4 ?"
>
>Thanks in advanced
>
>
>
>Eduardo Campoy
>Technology Account Manager
>Novell, THE leading provider of net business solutions
>Tel - 55 11 3345-3938
>Cel - 55 11 9232-7456
>AIM - ecampoy sao
>MSN - eduardocampoy@hotmail.com




This e-mail, including any attachments, is a confidential business
communication, and may contain information that is confidential,
proprietary
and/or privileged.  This e-mail is intended only for the individual(s)
to
whom it is addressed, and may not be saved, copied, printed, disclosed
or
used by anyone else.  If you are not the(an) intended recipient, please
immediately delete this e-mail from your computer system and notify the
sender.  Thank you.


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message