tomcat-dev mailing list archives

Subject [Bug 53377] New: Cookie JSESSIONID is not secured
Date Thu, 07 Jun 2012 03:57:34 GMT

          Priority: P2
            Bug ID: 53377
           Summary: Cookie JSESSIONID is not secured
          Severity: major
    Classification: Unclassified
                OS: Linux
          Hardware: All
            Status: NEW
           Version: 5.5.33
         Component: Connector:HTTP
           Product: Tomcat 5

I happened to set up in Tomcat:
    <Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" SSLEnabled="true"/>

But when I request https://MyURL

And from the Firefox raw data, I still see JSESSION cookie is not secured.

There is no secure word at the Set-Cookie

Set-Cookie: JSESSIONID=BAD4B8869D292DECECDA75863eCg; Path=/myApp

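The condition described in this report, an HTTPS response whose Set-Cookie header for JSESSIONID carries no Secure attribute, can be checked mechanically over captured response headers. The script below is an added example, not part of the original message or of Tomcat; the function names and the set of session-cookie names are assumptions.

```python
"""Added example: report cookies set on an HTTPS response without the Secure attribute."""

SESSION_COOKIE_NAMES = {"jsessionid"}  # assumption: names treated as session identifiers


def parse_set_cookie(header_line):
    """Return (name, attrs) for one 'Set-Cookie: ...' line, or None for other headers."""
    field, sep, raw = header_line.partition(":")
    if not sep or field.strip().lower() != "set-cookie":
        return None
    parts = [p.strip() for p in raw.split(";") if p.strip()]
    if not parts or "=" not in parts[0]:
        raise ValueError("malformed Set-Cookie header: %r" % header_line)
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name, attrs


def cookies_missing_secure(scheme, header_lines):
    """List the cookies that an HTTPS response set without the Secure attribute."""
    if scheme.lower() != "https":
        return []  # this check only audits responses that were served over HTTPS
    findings = []
    for line in header_lines:
        parsed = parse_set_cookie(line)
        if parsed is None:
            continue
        name, attrs = parsed
        if "secure" not in attrs:
            findings.append({
                "cookie": name,
                "path": attrs.get("path", ""),
                "session_cookie": name.lower() in SESSION_COOKIE_NAMES,
            })
    return findings


# First line is the header quoted in the report; the other two are constructed samples.
SAMPLE_HEADERS = [
    "Set-Cookie: JSESSIONID=BAD4B8869D292DECECDA75863eCg; Path=/myApp",
    "Set-Cookie: JSESSIONID=0000000000000000; Path=/myApp; secure",
    "Content-Type: text/html",
]

if __name__ == "__main__":
    for finding in cookies_missing_secure("https", SAMPLE_HEADERS):
        print("missing Secure:", finding)
```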