tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sebb <seb...@gmail.com>
Subject Re: svn commit: r749019 - in /tomcat/tc6.0.x/trunk: ./ java/org/apache/catalina/ java/org/apache/catalina/connector/ java/org/apache/catalina/session/ java/org/apache/tomcat/util/http/ webapps/docs/ webapps/docs/config/
Date Sun, 01 Mar 2009 18:40:34 GMT
On 01/03/2009, markt@apache.org <markt@apache.org> wrote:
> Author: markt
>  Date: Sun Mar  1 12:47:54 2009
>  New Revision: 749019
>
>  URL: http://svn.apache.org/viewvc?rev=749019&view=rev
>  Log:
>  Provide an option to use httpOnly for session cookies. Disabled by default.
>
...
==============================================================================
>  --- tomcat/tc6.0.x/trunk/java/org/apache/catalina/session/ManagerBase.java (original)
>  +++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/session/ManagerBase.java Sun Mar 
1 12:47:54 2009
>  @@ -217,7 +217,11 @@
>       */
>      protected PropertyChangeSupport support = new PropertyChangeSupport(this);
>
>  -
>  +    /**
>  +     * The flag that indicates that session cookies should use HttpOnly
>  +     */
>  +    protected boolean useHttpOnly = false;
>  +
>      // ------------------------------------------------------------- Security classes
>
>
>  @@ -655,6 +659,27 @@
>
>      }
>
>  +    /**
>  +     * Gets the value of the use HttpOnly cookies for session cookies flag.
>  +     *
>  +     * @return <code>true</code> if the HttpOnly flag should be set on
session
>  +     *         cookies
>  +     */
>  +    public boolean getUseHttpOnly() {
>  +        return useHttpOnly;
>  +    }
>  +
>  +
>  +    /**
>  +     * Sets the use HttpOnly cookies for session cookies flag.
>  +     *
>  +     * @param useHttpOnly   Set to <code>true</code> to use HttpOnly cookies
>  +     *                          for session cookies
>  +     */
>  +    public void setUseHttpOnly(boolean useHttpOnly) {
>  +        this.useHttpOnly = useHttpOnly;
>  +    }
>  +
>      // --------------------------------------------------------- Public Methods

Since there are public get/set methods, why make the variable
protected rather than private?

It will be difficult to make the variable private later, and the fewer
non-private variables, the easier it is to test and debug classes.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message