tomcat-dev mailing list archives

From bugzi...@apache.org
Subject [Bug 53377] New: Cookie JSESSIONID is not secured
Date Thu, 07 Jun 2012 03:57:34 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=53377

          Priority: P2
            Bug ID: 53377
          Assignee: dev@tomcat.apache.org
           Summary: Cookie JSESSIONID is not secured
          Severity: major
    Classification: Unclassified
                OS: Linux
          Reporter: chinoise_my@yahoo.com
          Hardware: All
            Status: NEW
           Version: 5.5.33
         Component: Connector:HTTP
           Product: Tomcat 5

I happened to set up in Tomcat
    <Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" SSLEnabled="true"/>

But when I request https://MyURL

And from the Firefox raw data, I still see JSESSION cookie is not secured.

There is no secure word at the Set-Cookie

Set-Cookie: JSESSIONID=BAD4B8869D292DECECDA75863eCg; Path=/myApp

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
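
A check for the symptom reported above, as an added example that is not part of the original message or of Tomcat: it parses raw Set-Cookie header lines and reports session cookies that lack the Secure attribute. The function names and every sample line except the one quoted in the report are constructed for illustration.

```python
# Added example: audit raw Set-Cookie header lines for a missing Secure attribute.
# parse_set_cookie(), audit_set_cookie() and SAMPLE are constructed names/data.

def parse_set_cookie(line):
    """Split one 'Set-Cookie: ...' line into (name, value, attrs).

    attrs maps lower-cased attribute names to their values ('' for flags
    such as Secure and HttpOnly); attribute names are case-insensitive.
    """
    header, sep, rest = line.partition(":")
    if not sep or header.strip().lower() != "set-cookie":
        raise ValueError("not a Set-Cookie header: %r" % line)
    parts = [p.strip() for p in rest.split(";")]
    name, eq, value = parts[0].partition("=")
    if not eq or not name.strip():
        raise ValueError("no name=value pair in: %r" % line)
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_set_cookie(lines, session_names=("JSESSIONID",)):
    """Return (name, finding, path) for session cookies lacking Secure."""
    findings = []
    for line in lines:
        name, _value, attrs = parse_set_cookie(line)
        if name in session_names and "secure" not in attrs:
            findings.append((name, "missing Secure", attrs.get("path", "")))
    return findings


SAMPLE = [
    # Header quoted in the report above.
    "Set-Cookie: JSESSIONID=BAD4B8869D292DECECDA75863eCg; Path=/myApp",
    # Constructed: attribute present, written in mixed case.
    "Set-Cookie: JSESSIONID=0000CONSTRUCTED0000; Path=/myApp; SECURE; HttpOnly",
    # Constructed: the word 'secure' as the value must not count as the flag.
    "Set-Cookie: JSESSIONID=secure; Path=/other",
    # Constructed: non-session cookie, ignored by the audit.
    "Set-Cookie: theme=dark; Path=/",
]

if __name__ == "__main__":
    for finding in audit_set_cookie(SAMPLE):
        print(finding)
```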

