tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 41217] - SingleSignOn Cookie does not honor https access: Login Information Disclosure
Date Fri, 12 Jan 2007 01:15:31 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=41217>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=41217





------- Additional Comments From chris@sourcelabs.com  2007-01-11 17:15 -------
Created an attachment (id=19397)
 --> (http://issues.apache.org/bugzilla/attachment.cgi?id=19397&action=view)
Patch to set secure flag on SSO cookie when requested over https

There is an isSecure() method available in the Request object used by
AuthenticatorBase...not sure why you couldn't find it.	Attaching a patch that
sets the secure flag on the SSO cookie when accessed via https.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message