migration.xml

kkolinko Sun, 05 Dec 2010 05:48:59 -0800

Author: kkolinko
Date: Sun Dec  5 13:48:31 2010
New Revision: 1042350

URL: http://svn.apache.org/viewvc?rev=1042350&view=rev
Log:
Note disableURLRewriting and useHttpOnly options changes.


Modified:
    tomcat/site/trunk/docs/migration.html
    tomcat/site/trunk/xdocs/migration.xml

Modified: tomcat/site/trunk/docs/migration.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/migration.html?rev=1042350&r1=1042349&r2=1042350&view=diff
==============================================================================
--- tomcat/site/trunk/docs/migration.html (original)
+++ tomcat/site/trunk/docs/migration.html Sun Dec  5 13:48:31 2010
@@ -845,23 +845,42 @@ compatibility problems.</p>
     <p>With the addition of <code>SessionCookieConfig</code> in the Servlet 3.0
     specification, a number of session cookie configuration options have been
     removed to reduce configuration and code complexity.</p>
-    
+
     <ul>
-      <li>Connector.emptySessionPath: This has been removed. An equivalent
+      <li>
+<strong>Connector</strong>
+<code>.emptySessionPath</code>: This has been removed. An equivalent
       effect can be obtained by configuring sessionCookiePath="/" in the global
       context.xml (in <code>CATALINA_BASE/conf/context.xml</code>).</li>
 
-      <li>org.apache.catalina.SESSION_COOKIE_NAME system property: This has 
been
+      <li>
+<code>org.apache.catalina.SESSION_COOKIE_NAME</code> system property: This has 
been
       removed. An equivalent effect can be obtained by configuring the
-      sessionCookieName attribute for the global context.xml
+      <code>sessionCookieName</code> attribute for the global context.xml
       (in <code>CATALINA_BASE/conf/context.xml</code>).</li>
 
-      <li>org.apache.catalina.SESSION_PARAMETER_NAME system property: This has
+      <li>
+<code>org.apache.catalina.SESSION_PARAMETER_NAME</code> system property: This 
has
       been removed. An equivalent effect can be obtained by configuring the
-      sessionCookieName attribute for the global context.xml
+      <code>sessionCookieName</code> attribute for the global context.xml
       (in <code>CATALINA_BASE/conf/context.xml</code>).</li>
+
+      <li>
+<strong>Context</strong>
+<code>.disableURLRewriting</code>: This has
+      been removed. An equivalent effect can be obtained by configuring the
+      <code>session-config/tracking-mode</code> elements in a web application
+      or in the global <conf>CATALINA_BASE/conf/web.xml</conf> file.</li>
     </ul>
 
+    <p>The session and SSO cookies in Tomcat 7 are being sent with HttpOnly
+    flag by default, to instruct browsers to prevent access to those cookies
+    from JavaScript.
+    (This can be enabled in Tomcat 6.0 and 5.5 by setting
+    <code>useHttpOnly="true"</code> on <strong>Context</strong> element in
+    a web application or in the global
+    <code>CATALINA_BASE/conf/context.xml</code> file).</p>
+
   </blockquote>
 </td>
 </tr>

Modified: tomcat/site/trunk/xdocs/migration.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/migration.xml?rev=1042350&r1=1042349&r2=1042350&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/migration.xml (original)
+++ tomcat/site/trunk/xdocs/migration.xml Sun Dec  5 13:48:31 2010
@@ -228,23 +228,36 @@ compatibility problems.</p>
     <p>With the addition of <code>SessionCookieConfig</code> in the Servlet 3.0
     specification, a number of session cookie configuration options have been
     removed to reduce configuration and code complexity.</p>
-    
+
     <ul>
-      <li>Connector.emptySessionPath: This has been removed. An equivalent
+      <li><strong>Connector</strong><code>.emptySessionPath</code>: This has 
been removed. An equivalent
       effect can be obtained by configuring sessionCookiePath="/" in the global
       context.xml (in <code>CATALINA_BASE/conf/context.xml</code>).</li>
 
-      <li>org.apache.catalina.SESSION_COOKIE_NAME system property: This has 
been
+      <li><code>org.apache.catalina.SESSION_COOKIE_NAME</code> system 
property: This has been
       removed. An equivalent effect can be obtained by configuring the
-      sessionCookieName attribute for the global context.xml
+      <code>sessionCookieName</code> attribute for the global context.xml
       (in <code>CATALINA_BASE/conf/context.xml</code>).</li>
 
-      <li>org.apache.catalina.SESSION_PARAMETER_NAME system property: This has
+      <li><code>org.apache.catalina.SESSION_PARAMETER_NAME</code> system 
property: This has
       been removed. An equivalent effect can be obtained by configuring the
-      sessionCookieName attribute for the global context.xml
+      <code>sessionCookieName</code> attribute for the global context.xml
       (in <code>CATALINA_BASE/conf/context.xml</code>).</li>
+
+      <li><strong>Context</strong><code>.disableURLRewriting</code>: This has
+      been removed. An equivalent effect can be obtained by configuring the
+      <code>session-config/tracking-mode</code> elements in a web application
+      or in the global <conf>CATALINA_BASE/conf/web.xml</conf> file.</li>
     </ul>
 
+    <p>The session and SSO cookies in Tomcat 7 are being sent with HttpOnly
+    flag by default, to instruct browsers to prevent access to those cookies
+    from JavaScript.
+    (This can be enabled in Tomcat 6.0 and 5.5 by setting
+    <code>useHttpOnly="true"</code> on <strong>Context</strong> element in
+    a web application or in the global
+    <code>CATALINA_BASE/conf/context.xml</code> file).</p>
+
   </subsection>
 
   <subsection name="Comet">



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1042350 - in /tomcat/site/trunk: docs/migration.html xdocs/migration.xml

Reply via email to