This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new c324245fb6 Fix BZ 69478 setHttpOnly() and setSecure() ignored passed
parameter
c324245fb6 is described below
commit c324245fb60c6549e57473cb1d0d29a28a287deb
Author: Mark Thomas <[email protected]>
AuthorDate: Wed Nov 27 12:16:07 2024 +0000
Fix BZ 69478 setHttpOnly() and setSecure() ignored passed parameter
https://bz.apache.org/bugzilla/show_bug.cgi?id=69478
---
java/jakarta/servlet/http/Cookie.java | 16 ++++++++++++----
webapps/docs/changelog.xml | 6 ++++++
2 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/java/jakarta/servlet/http/Cookie.java
b/java/jakarta/servlet/http/Cookie.java
index 71144499a9..20ec7a741b 100644
--- a/java/jakarta/servlet/http/Cookie.java
+++ b/java/jakarta/servlet/http/Cookie.java
@@ -234,13 +234,17 @@ public class Cookie implements Cloneable, Serializable {
* <p>
* The default value is <code>false</code>.
*
- * @param flag if <code>true</code>, sends the cookie from the browser to
the server only when using a secure
+ * @param secure if <code>true</code>, sends the cookie from the browser
to the server only when using a secure
* protocol; if <code>false</code>, sent on any protocol
*
* @see #getSecure
*/
- public void setSecure(boolean flag) {
- setAttributeInternal(SECURE, EMPTY_STRING);
+ public void setSecure(boolean secure) {
+ if (secure) {
+ setAttributeInternal(SECURE, EMPTY_STRING);
+ } else {
+ setAttributeInternal(SECURE, null);
+ }
}
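Review bot: No regression test accompanies this fix: the diffstat lists only Cookie.java and changelog.xml, while the changelog entry says the defect has been present since 11.0.0-M19. Secure and HttpOnly keep a cookie off cleartext connections and out of reach of script, so both directions of each setter deserve a pinned test, e.g. `cookie.setSecure(true); cookie.setSecure(false); assertFalse(cookie.getSecure());`, with the same sequence through `setHttpOnly`/`isHttpOnly` for the hunk at -349. This assumes `setAttributeInternal(SECURE, null)` removes the attribute, which is not visible in the hunk. The class body starts and ends outside the hunk.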
@@ -349,7 +353,11 @@ public class Cookie implements Cloneable, Serializable {
* @since Servlet 3.0
*/
public void setHttpOnly(boolean httpOnly) {
- setAttributeInternal(HTTP_ONLY, EMPTY_STRING);
+ if (httpOnly) {
+ setAttributeInternal(HTTP_ONLY, EMPTY_STRING);
+ } else {
+ setAttributeInternal(HTTP_ONLY, null);
+ }
}
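Review bot: The if/else added to `setHttpOnly` is the same branch the commit adds to `setSecure`, and each could be a single call: `setAttributeInternal(HTTP_ONLY, httpOnly ? EMPTY_STRING : null);`. A short comment such as `// null clears the attribute; EMPTY_STRING emits it as a valueless flag` would record why the two values differ, provided that is what setAttributeInternal does with null. The Javadoc for setHttpOnly starts outside the hunk, so it cannot be checked here whether it says that passing false clears a previously set flag.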
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 9198a16333..097b79fa50 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -201,6 +201,12 @@
header fields for HTTP (draft)</a> in the <code>RateLimitFilter</code>.
Based on pull request <pr>775</pr> provided by Chenjp. (markt)
</add>
+ <fix>
+ <bug>69478</bug>: Correct a regression introduced in 11.0.0-M19 that
+ meant when calling <code>setHttpOnly(boolean)</code> or
+ <code>setSecure(boolean)</code> for a cookie, the respective flags were
+ set regardless of the value passed to the method. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">