Author: markt
Date: Tue Sep 7 16:05:25 2010
New Revision: 993409

URL: http://svn.apache.org/viewvc?rev=993409&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=49749
Add httpOnly support to SSO cookie

Modified: tomcat/tc6.0.x/trunk/STATUS.txt tomcat/tc6.0.x/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=993409&r1=993408&r2=993409&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Tue Sep 7 16:05:25 2010 @@ -160,12 +160,6 @@ PATCHES PROPOSED TO BACKPORT: -1: rjung: s/vesion/version/g -* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=49749 - Add httpOnly support to SSO cookie - http://people.apache.org/~markt/patches/2010-08-25-bug49749.patch - +1: markt, rjung, kfujino - -1: - * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=38113 Add system property to allow spec compliant handling of query string http://people.apache.org/~markt/patches/2010-08-25-bug38113.patch Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java?rev=993409&r1=993408&r2=993409&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java (original) +++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java Tue Sep 7 16:05:25 2010 
@@ -797,7 +797,7 @@ public abstract class AuthenticatorBase cookie.setDomain(ssoDomain); } - response.addCookie(cookie); + response.addCookieInternal(cookie, context.getUseHttpOnly()); // Register this principal with our SSO valve sso.register(ssoId, principal, authType, username, password); Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=993409&r1=993408&r2=993409&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Tue Sep 7 16:05:25 2010 @@ -59,6 +59,9 @@ that make multiple class to <code>Request.getAttributeNames()</code>. Patch provided by Sampo Savolainen. (markt) </fix> + <fix> + <bug>49749</bug>: Use httpOnly setting when creating SSO cookie. (markt) + </fix> </changelog> </subsection> <subsection name="Coyote"> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
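Review bot: In the AuthenticatorBase.java hunk, the new call `response.addCookieInternal(cookie, context.getUseHttpOnly())` takes the HttpOnly flag from the context that happens to perform the authentication, while the cookie being set is the SSO cookie: it can carry `ssoDomain` and is registered with the SSO valve on the following line, so other web applications rely on it too. If those contexts differ in their useHttpOnly setting, the flag on the shared cookie depends on which application the user logged in through. Suggest a short comment at the call stating that the authenticating context's setting decides, and a matching sentence in the documentation for that setting so administrators know to enable it on every context behind the SSO valve.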
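Review bot: In the changelog.xml hunk, the new `<fix>` entry says "Use httpOnly setting" without saying whose setting is meant. The code change reads it from the context (`context.getUseHttpOnly()`), so the entry would be clearer as "Use the Context's useHttpOnly setting when creating the SSO cookie", which tells the reader where the behaviour is switched on.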