https://issues.apache.org/bugzilla/show_bug.cgi?id=53377
Priority: P2
Bug ID: 53377
Assignee: dev@tomcat.apache.org
Summary: Cookie JSESSIONID is not secured
Severity: major
Classification: Unclassified
OS: Linux
Reporter: chinoise...@yahoo.com
Hardware: All
Status: NEW
Version: 5.5.33
Component: Connector:HTTP
Product: Tomcat 5

I happened to set up in Tomcat

<Connector port="8443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" SSLEnabled="true"/>

But when I request https://MyURL

And from the Firefox raw data, I still see JSESSION cookie is not secured.
There is no secure word at the Set-Cookie

Set-Cookie: JSESSIONID=BAD4B8869D292DECECDA75863eCg; Path=/myApp
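A way to check response headers for the condition described in this report, as an added example that is not part of the original report or of Tomcat. The function names and the two constructed sample headers are assumptions; attribute matching is case-insensitive and by attribute name, so a path such as /secure is not mistaken for the flag.

```python
# Added example: find session cookies that an HTTPS response sets without Secure.
SESSION_COOKIE_NAMES = {"JSESSIONID"}  # cookie named in the report

# Header exactly as quoted in the report.
REPORTED = ["Set-Cookie: JSESSIONID=BAD4B8869D292DECECDA75863eCg; Path=/myApp"]
# Constructed samples: the flag in mixed case, and a path that only contains "secure".
CONSTRUCTED_OK = ["Set-Cookie: JSESSIONID=0123456789ABCDEF; Path=/myApp; SECURE"]
CONSTRUCTED_TRICKY = ["Set-Cookie: JSESSIONID=0123456789ABCDEF; Path=/secure"]


def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie_name, attributes).

    Attribute names are lower-cased because they are case-insensitive.
    Flag attributes (no "=") map to True, others to their string value.
    """
    parts = [p.strip() for p in value.split(";")]
    name, _, _cookie_value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue  # tolerate a trailing or doubled ";"
        key, sep, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else True
    return name.strip(), attrs


def insecure_session_cookies(header_lines):
    """Return names of session cookies set without a Secure attribute."""
    missing = []
    for line in header_lines:
        field, _, value = line.partition(":")  # split header name from value
        if field.strip().lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        # Only the attribute name matters; a substring test on the whole
        # header would wrongly accept "Path=/secure".
        if name in SESSION_COOKIE_NAMES and "secure" not in attrs:
            missing.append(name)
    return missing


if __name__ == "__main__":
    for label, headers in (("reported", REPORTED),
                           ("constructed, flag set", CONSTRUCTED_OK),
                           ("constructed, /secure path", CONSTRUCTED_TRICKY)):
        print(label, "->", insecure_session_cookies(headers) or "ok")
```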