tomcat-dev mailing list archives

Subject DO NOT REPLY [Bug 44382] Need to add support for HTTPOnly session cookie parameter
Date Sat, 13 Sep 2008 17:44:29 GMT

--- Comment #12 from Mark Thomas 2008-09-13 10:44:28 PST ---
I have applied a variation of your patches to trunk and will propose them for
6.0.x and 5.5.x shortly. The main differences are:

1. No change to the Servlet API classes. Whilst this is in the 3.0 draft, the
API isn't defined and whilst I am reasonably sure what it will look like I
don't want to risk API breakage when the 3.0 API is published.

2. It is enabled by default in trunk and will be enabled by default in Tomcat
7.x. I will propose the same default for 6.0.x and 5.5.x but we'll need to see
which way the votes go.

3. It is configured via the Manager. Where there is an option to use the
standard Tomcat configuration mechanism I prefer to use it. System properties
should be reserved for configuration that doesn't fit with a standard component
or would require some ugly hacks to do so. This was a nice, simple fit with the
