On 30/08/2010 00:34, kkoli...@apache.org wrote: > + +1: kkolinko: Looking for usages of Constants.SINGLE_SIGN_ON_COOKIE, > + in SingleSignOn.invoke() there is one more call to response.addCookie(). > + It is used to remove the cookie, so I think HttpOnly is not important > there > + and thus I am letting this pass. Ack.
> The SingleSignOn valve is usually added to > + a <Host> (looking at the default server.xml), so we have to call > + request.getContext() to get a Context there? If we needed to, yes. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
