tomcat-dev mailing list archives

From: Remy Maucherat <r...@apache.org>
Subject: Re: [VOTE] Proposed API change to the Manager interface
Date: Mon, 07 Feb 2005 21:56:46 GMT

Bill Barker wrote:
> I'd be happier if this was conditional on emptySessionPath="true" (or
> otherwise could be disabled).  Otherwise I have to trust that the browser
> doesn't have some JavaScript and/or IFrame bug that allows a Cookie to be
> sent.

I think it should be safe, but once in a while there's a vulnerability 
allowing javascript access to the cookie store (in IE ;) ). We can 
change that later once it is proven to be safe enough.

Rémy
