Author: markt
Date: Sat Jan 13 19:18:06 2007
New Revision: 496025

URL: http://svn.apache.org/viewvc?view=rev&rev=496025
Log:
Fix bug 41217. Make SSO cookie secure when created during a secure request. 
Patch provided by Chris Halstead.

Modified:
    tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java
    tomcat/container/tc5.5.x/webapps/docs/changelog.xml

Modified: tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java
URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java?view=diff&rev=496025&r1=496024&r2=496025
==============================================================================
--- 
tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java
 (original)
+++ 
tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java
 Sat Jan 13 19:18:06 2007
@@ -746,6 +746,9 @@
             cookie.setMaxAge(-1);
             cookie.setPath("/");
             
+            // Bugzilla 41217
+            cookie.setSecure(request.isSecure());
+            
             // Bugzilla 34724
             String ssoDomain = sso.getCookieDomain();
             if(ssoDomain != null) {
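
Review bot: The added `cookie.setSecure(request.isSecure())` line ties the flag to how the container sees the request that creates the cookie, so an SSO session first established over plain HTTP still gets a non-secure cookie with path "/", and that same cookie keeps being used once the user moves to HTTPS pages. The opposite case is a behaviour change worth stating: a cookie created over HTTPS is no longer sent on plain HTTP requests, so mixed HTTP/HTTPS deployments will see users asked to authenticate again. Where TLS is terminated in front of Tomcat, `request.isSecure()` reports the connector's view rather than the client's, so the flag is only set if the connector is configured to report such requests as secure. The comment `// Bugzilla 41217` gives only the bug number; a short sentence saying why the flag follows the request would help the next reader, and it would be worth considering an option to force the secure flag regardless of the creating request.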

Modified: tomcat/container/tc5.5.x/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/webapps/docs/changelog.xml?view=diff&rev=496025&r1=496024&r2=496025
==============================================================================
--- tomcat/container/tc5.5.x/webapps/docs/changelog.xml (original)
+++ tomcat/container/tc5.5.x/webapps/docs/changelog.xml Sat Jan 13 19:18:06 2007
@@ -141,6 +141,11 @@
         extend ValveBase. (markt)
       </fix>
       <fix>
+        <bug>41217</bug>: Set secure attribute on SSO cookie when cookie is
+        created during a secure request. Patch provided by Chris Halstead.
+        (markt)
+      </fix>
+      <fix>
         Ensure Accept-Language headers conform to RFC 2616. Ignore them if
         they do not. (markt)
       </fix>
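
Review bot: The new `<fix>` entry for bug 41217 describes the mechanism but not the effect an administrator will notice: an SSO cookie created during a secure request is no longer presented on non-secure requests, and one created during a non-secure request is unchanged. Suggest adding one sentence to the entry saying so, since deployments that mix HTTP and HTTPS under single sign-on will see different login behaviour after upgrading.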


