Author: markt
Date: Tue Sep  7 16:05:25 2010
New Revision: 993409

URL: http://svn.apache.org/viewvc?rev=993409&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=49749
Add httpOnly support to SSO cookie

Modified:
    tomcat/tc6.0.x/trunk/STATUS.txt
    tomcat/tc6.0.x/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
    tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml

Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=993409&r1=993408&r2=993409&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Tue Sep  7 16:05:25 2010
@@ -160,12 +160,6 @@ PATCHES PROPOSED TO BACKPORT:
   -1:
   rjung: s/vesion/version/g
 
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=49749
-  Add httpOnly support to SSO cookie
-  http://people.apache.org/~markt/patches/2010-08-25-bug49749.patch
-  +1: markt, rjung, kfujino
-  -1:
-
 * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=38113
   Add system property to allow spec compliant handling of query string
   http://people.apache.org/~markt/patches/2010-08-25-bug38113.patch

Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java?rev=993409&r1=993408&r2=993409&view=diff
==============================================================================
--- 
tomcat/tc6.0.x/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
 (original)
+++ 
tomcat/tc6.0.x/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
 Tue Sep  7 16:05:25 2010
@@ -797,7 +797,7 @@ public abstract class AuthenticatorBase
                 cookie.setDomain(ssoDomain);
             }
 
-            response.addCookie(cookie);
+            response.addCookieInternal(cookie, context.getUseHttpOnly());
 
             // Register this principal with our SSO valve
             sso.register(ssoId, principal, authType, username, password);
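
Review bot: The HttpOnly flag on the SSO cookie is taken from context.getUseHttpOnly(), which is a per-context setting, while the cookie set here is the single sign-on cookie registered with the SSO valve and shared across web applications. The flag therefore depends on which context happens to perform the authentication: a login through a context with useHttpOnly disabled issues the SSO cookie without HttpOnly, even if other applications relying on that cookie have it enabled. Consider documenting this next to the useHttpOnly attribute, or driving the flag from a setting on the SSO valve so the behaviour is the same regardless of entry point. A short comment above the addCookieInternal call stating why the internal method is used instead of response.addCookie(cookie) would also help the next reader.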

Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=993409&r1=993408&r2=993409&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Tue Sep  7 16:05:25 2010
@@ -59,6 +59,9 @@
         that make multiple class to <code>Request.getAttributeNames()</code>.
         Patch provided by Sampo Savolainen. (markt)
       </fix>
+      <fix>
+        <bug>49749</bug>: Use httpOnly setting when creating SSO cookie. 
(markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">
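
Review bot: The new changelog entry says "Use httpOnly setting" without saying which setting. The code change reads context.getUseHttpOnly(), so the entry should name the Context's useHttpOnly setting explicitly; otherwise an administrator reading the changelog cannot tell what to configure to get an HttpOnly SSO cookie, or that the cookie stays script-readable when that setting is off.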


