DO NOT REPLY [Bug 49749] New: SSO cookie should be added as HttpOnly

bugzilla Fri, 13 Aug 2010 16:18:53 -0700

https://issues.apache.org/bugzilla/show_bug.cgi?id=49749


           Summary: SSO cookie should be added as HttpOnly
           Product: Tomcat 5
           Version: 5.5.29
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
        AssignedTo: dev@tomcat.apache.org
        ReportedBy: dheine...@gmail.com


SSO cookies should be made HttpOnly by default.

In org.apache.catalina.authenticator.AuthenticatorBase#register(), 

798- response.addCookie(cookie);
798+ response.addCookieInternal(cookie, true);

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

DO NOT REPLY [Bug 49749] New: SSO cookie should be added as HttpOnly

Reply via email to