tomcat-dev mailing list archives

From ma...@apache.org
Subject svn commit: r989019 - in /tomcat/trunk: java/org/apache/catalina/authenticator/AuthenticatorBase.java webapps/docs/changelog.xml
Date Wed, 25 Aug 2010 11:36:38 GMT
Author: markt
Date: Wed Aug 25 11:36:38 2010
New Revision: 989019

URL: http://svn.apache.org/viewvc?rev=989019&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=49749

Modified:
    tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
    tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java?rev=989019&r1=989018&r2=989019&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java (original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java Wed Aug 25
11:36:38 2010
@@ -796,6 +796,12 @@ public abstract class AuthenticatorBase 
                 cookie.setDomain(ssoDomain);
             }
 
+            // Configure httpOnly on SSO cookie using same rules as session cookies
+            if (request.getServletContext().getSessionCookieConfig().isHttpOnly() ||
+                    request.getContext().getUseHttpOnly()) {
+                cookie.setHttpOnly(true);
+            }
+            
             response.addCookie(cookie);
 
             // Register this principal with our SSO valve
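Review bot: the httpOnly condition added just before response.addCookie(cookie) restates the session-cookie rule inline instead of calling shared code, so the comment's promise of "same rules as session cookies" holds only while the two copies are kept in sync by hand. Consider moving the check (getSessionCookieConfig().isHttpOnly() || getUseHttpOnly()) into one helper that both the session cookie and the SSO cookie paths call. The added line after the closing brace also appears to contain only trailing whitespace and could be an empty line.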

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=989019&r1=989018&r2=989019&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Wed Aug 25 11:36:38 2010
@@ -61,7 +61,11 @@
         processed. (markt)
       </fix>
       <fix>
-        <bug>47950</bug>: Align <code>WebappClassLoader.validate()</code>
+        <bug>49749</bug>: Single sign on cookies should have httpOnly flag set
+        using same rules as session cookies. (markt)
+      </fix>
+      <fix>
+        <bug>49750</bug>: Align <code>WebappClassLoader.validate()</code>
         implementation with Javadoc and ensure that <code>javax.servlet.*</code>
         classes can not be loaded by a <code>WebappClassLoader</code> instance.
         Patch provided by pid. (markt)
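Review bot: besides adding the 49749 entry, this hunk changes the bug id on the existing WebappClassLoader.validate() entry from 47950 to 49750, which the log message ("Fix ...id=49749") does not mention. If that is a deliberate correction of a wrong id, note it in the commit log or make it a separate commit, so the changelog history for that entry stays traceable.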


