Author: kkolinko
Date: Sun Dec 5 13:48:31 2010
New Revision: 1042350
URL: http://svn.apache.org/viewvc?rev=1042350&view=rev
Log:
Note disableURLRewriting and useHttpOnly options changes.
Modified:
tomcat/site/trunk/docs/migration.html
tomcat/site/trunk/xdocs/migration.xml
Modified: tomcat/site/trunk/docs/migration.html
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/migration.html?rev=1042350&r1=1042349&r2=1042350&view=diff
==============================================================================
--- tomcat/site/trunk/docs/migration.html (original)
+++ tomcat/site/trunk/docs/migration.html Sun Dec 5 13:48:31 2010
@@ -845,23 +845,42 @@ compatibility problems.</p>
<p>With the addition of <code>SessionCookieConfig</code> in the Servlet 3.0
specification, a number of session cookie configuration options have been
removed to reduce configuration and code complexity.</p>
-
+
<ul>
- <li>Connector.emptySessionPath: This has been removed. An equivalent
+ <li>
+<strong>Connector</strong>
+<code>.emptySessionPath</code>: This has been removed. An equivalent
effect can be obtained by configuring sessionCookiePath="/" in the global
context.xml (in <code>CATALINA_BASE/conf/context.xml</code>).</li>
- <li>org.apache.catalina.SESSION_COOKIE_NAME system property: This has
been
+ <li>
+<code>org.apache.catalina.SESSION_COOKIE_NAME</code> system property: This has
been
removed. An equivalent effect can be obtained by configuring the
- sessionCookieName attribute for the global context.xml
+ <code>sessionCookieName</code> attribute for the global context.xml
(in <code>CATALINA_BASE/conf/context.xml</code>).</li>
- <li>org.apache.catalina.SESSION_PARAMETER_NAME system property: This has
+ <li>
+<code>org.apache.catalina.SESSION_PARAMETER_NAME</code> system property: This
has
been removed. An equivalent effect can be obtained by configuring the
- sessionCookieName attribute for the global context.xml
+ <code>sessionCookieName</code> attribute for the global context.xml
(in <code>CATALINA_BASE/conf/context.xml</code>).</li>
+
+ <li>
+<strong>Context</strong>
+<code>.disableURLRewriting</code>: This has
+ been removed. An equivalent effect can be obtained by configuring the
+ <code>session-config/tracking-mode</code> elements in a web application
+ or in the global <conf>CATALINA_BASE/conf/web.xml</conf> file.</li>
</ul>
+ <p>The session and SSO cookies in Tomcat 7 are being sent with HttpOnly
+ flag by default, to instruct browsers to prevent access to those cookies
+ from JavaScript.
+ (This can be enabled in Tomcat 6.0 and 5.5 by setting
+ <code>useHttpOnly="true"</code> on <strong>Context</strong> element in
+ a web application or in the global
+ <code>CATALINA_BASE/conf/context.xml</code> file).</p>
+
</blockquote>
</td>
</tr>
Modified: tomcat/site/trunk/xdocs/migration.xml
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/migration.xml?rev=1042350&r1=1042349&r2=1042350&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/migration.xml (original)
+++ tomcat/site/trunk/xdocs/migration.xml Sun Dec 5 13:48:31 2010
@@ -228,23 +228,36 @@ compatibility problems.</p>
<p>With the addition of <code>SessionCookieConfig</code> in the Servlet 3.0
specification, a number of session cookie configuration options have been
removed to reduce configuration and code complexity.</p>
-
+
<ul>
- <li>Connector.emptySessionPath: This has been removed. An equivalent
+ <li><strong>Connector</strong><code>.emptySessionPath</code>: This has
been removed. An equivalent
effect can be obtained by configuring sessionCookiePath="/" in the global
context.xml (in <code>CATALINA_BASE/conf/context.xml</code>).</li>
- <li>org.apache.catalina.SESSION_COOKIE_NAME system property: This has
been
+ <li><code>org.apache.catalina.SESSION_COOKIE_NAME</code> system
property: This has been
removed. An equivalent effect can be obtained by configuring the
- sessionCookieName attribute for the global context.xml
+ <code>sessionCookieName</code> attribute for the global context.xml
(in <code>CATALINA_BASE/conf/context.xml</code>).</li>
- <li>org.apache.catalina.SESSION_PARAMETER_NAME system property: This has
+ <li><code>org.apache.catalina.SESSION_PARAMETER_NAME</code> system
property: This has
been removed. An equivalent effect can be obtained by configuring the
- sessionCookieName attribute for the global context.xml
+ <code>sessionCookieName</code> attribute for the global context.xml
(in <code>CATALINA_BASE/conf/context.xml</code>).</li>
+
+ <li><strong>Context</strong><code>.disableURLRewriting</code>: This has
+ been removed. An equivalent effect can be obtained by configuring the
+ <code>session-config/tracking-mode</code> elements in a web application
+ or in the global <conf>CATALINA_BASE/conf/web.xml</conf> file.</li>
</ul>
+ <p>The session and SSO cookies in Tomcat 7 are being sent with HttpOnly
+ flag by default, to instruct browsers to prevent access to those cookies
+ from JavaScript.
+ (This can be enabled in Tomcat 6.0 and 5.5 by setting
+ <code>useHttpOnly="true"</code> on <strong>Context</strong> element in
+ a web application or in the global
+ <code>CATALINA_BASE/conf/context.xml</code> file).</p>
+
</subsection>
<subsection name="Comet">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
