JvmRouteBinderValve.java

rjung Thu, 15 Apr 2010 12:15:55 -0700

Author: rjung
Date: Thu Apr 15 19:15:32 2010
New Revision: 934552

URL: http://svn.apache.org/viewvc?rev=934552&view=rev
Log:
Fix BZ47554: httpOnly flag not applied to migrated session cookie.


Port of r918741 from TC 5.5.x.

Modified:
    tomcat/sandbox/tomcat-oacc/trunk/docs/changelog.xml
    
tomcat/sandbox/tomcat-oacc/trunk/src/share/org/apache/catalina/cluster/session/JvmRouteBinderValve.java

Modified: tomcat/sandbox/tomcat-oacc/trunk/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/sandbox/tomcat-oacc/trunk/docs/changelog.xml?rev=934552&r1=934551&r2=934552&view=diff
==============================================================================
--- tomcat/sandbox/tomcat-oacc/trunk/docs/changelog.xml (original)
+++ tomcat/sandbox/tomcat-oacc/trunk/docs/changelog.xml Thu Apr 15 19:15:32 2010
@@ -33,6 +33,10 @@
   <subsection name="Cluster">
       <changelog>
       <fix>
+        <bug>47554</bug>: httpOnly flag not applied to migrated session cookie.
+        Port from Tomcat 5.5. (rjung)
+      </fix>
+      <fix>
         <bug>46384</bug>: Correct synchronisation issue that could lead to a
         cluster member disappering permanently.
         Port from Tomcat 5.5. (rjung)

Modified: 
tomcat/sandbox/tomcat-oacc/trunk/src/share/org/apache/catalina/cluster/session/JvmRouteBinderValve.java
URL: 
http://svn.apache.org/viewvc/tomcat/sandbox/tomcat-oacc/trunk/src/share/org/apache/catalina/cluster/session/JvmRouteBinderValve.java?rev=934552&r1=934551&r2=934552&view=diff
==============================================================================
--- 
tomcat/sandbox/tomcat-oacc/trunk/src/share/org/apache/catalina/cluster/session/JvmRouteBinderValve.java
 (original)
+++ 
tomcat/sandbox/tomcat-oacc/trunk/src/share/org/apache/catalina/cluster/session/JvmRouteBinderValve.java
 Thu Apr 15 19:15:32 2010
@@ -475,12 +475,14 @@ public class JvmRouteBinderValve extends
                     newCookie.setSecure(true);
                 }
                 if (log.isDebugEnabled()) {
-                    log.debug(sm.getString("jvmRoute.newSessionCookie",
-                            sessionId, Globals.SESSION_COOKIE_NAME, newCookie
-                                    .getPath(), new Boolean(newCookie
-                                    .getSecure())));
+                    Object[] args = new Object[] {sessionId,
+                            Globals.SESSION_COOKIE_NAME,
+                            newCookie.getPath(),
+                            new Boolean(newCookie.getSecure()),
+                            new Boolean(context.getUseHttpOnly())};
+                    log.debug(sm.getString("jvmRoute.newSessionCookie", args));
                 }
-                response.addCookie(newCookie);
+                response.addCookieInternal(newCookie, 
context.getUseHttpOnly());
             }
         }
     }



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r934552 - in /tomcat/sandbox/tomcat-oacc/trunk: docs/changelog.xml src/share/org/apache/catalina/cluster/session/JvmRouteBinderValve.java

Reply via email to