DO NOT REPLY [Bug 49716] New: HttpOnly flag can't be turned off for JSESSIONID

bugzilla Fri, 06 Aug 2010 00:25:53 -0700

https://issues.apache.org/bugzilla/show_bug.cgi?id=49716


           Summary: HttpOnly flag can't be turned off for JSESSIONID
           Product: Tomcat 7
           Version: unspecified
          Platform: PC
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Servlet & JSP API
        AssignedTo: dev@tomcat.apache.org
        ReportedBy: franky...@gmail.com


Using a simple JSP that contains only text verified that the HTTPOnly flag is
always set for the JSESSIONID when using either of the following
configurations:

<cookie-config>
    <http-only>true</http-only>
</cookie-config>

<cookie-config>
    <http-only>false</http-only>
</cookie-config>

Specifying false should create a JSESSIONID without the HttpOnly flag.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

DO NOT REPLY [Bug 49716] New: HttpOnly flag can't be turned off for JSESSIONID

Reply via email to