tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gabriele Bulfon <gbul...@sonicle.com>
Subject Re: Tomcat7 - Firefox - SWF Upload
Date Wed, 09 Feb 2011 16:22:55 GMT
ohps, looks like it's working now :)
don't know what I did wrong the previous time...probably I did not restart completely tomcat,
but just restarted the webapp?
well, solved anyway :)
thanks a lot!
----------------------------------------------------------------------------------
Da: Mark Thomas
A: Tomcat Users List
Data: 9 febbraio 2011 12.18.15 CET
Oggetto: Re: Tomcat7 - Firefox - SWF Upload
On 09/02/2011 09:19, Gabriele Bulfon wrote:
The conf/context.xml is the default one from Tomcat7 distribution.
My webapp context.xml just contains resources definitions such as jdbc pools.
Where should I place this "
useHttpOnly"
flag, if this is the solution?
In your app's /META-INF/context.xml change
...
to
...
My real question is about the jsessionid that is stated to be changed on tomcat7,
so maybe swfupload is not able to track the session and run correctly.
The reason is that the httpOnly attribute of a cookie prevents the
cookie from being available to scripts and applets. This prevents the
applet reading the session ID.
Setting useHttpOnly="false" stops the httpOnly flag from being added to
the cookie and makes it available to scripts and applets.
Be aware that disabling the httpOnly attribute on the cookie
significantly increases the impact of any XSS vulnerabilities in your
web application.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Mime
View raw message