tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 49749] New: SSO cookie should be added as HttpOnly
Date Fri, 13 Aug 2010 23:18:26 GMT

           Summary: SSO cookie should be added as HttpOnly
           Product: Tomcat 5
           Version: 5.5.29
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina

SSO cookies should be made HttpOnly by default.

In org.apache.catalina.authenticator.AuthenticatorBase#register(), 

798- response.addCookie(cookie);
798+ response.addCookieInternal(cookie, true);

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message