On 30/08/2010 00:34, [email protected] wrote: > + +1: kkolinko: Looking for usages of Constants.SINGLE_SIGN_ON_COOKIE, > + in SingleSignOn.invoke() there is one more call to response.addCookie(). > + It is used to remove the cookie, so I think HttpOnly is not important > there > + and thus I am letting this pass. Ack.
> The SingleSignOn valve is usually added to > + a <Host> (looking at the default server.xml), so we have to call > + request.getContext() to get a Context there? If we needed to, yes. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
