Author: markt Date: Fri Jun 13 21:04:05 2014 New Revision: 1602521 URL: http://svn.apache.org/r1602521 Log: Set the path for cookies created by the examples web app This reduces the opportunity for using such cookies for malicious purposes should the advice to remove the examples web application from security sensitive systems be ignored.
Modified: tomcat/trunk/webapps/docs/changelog.xml tomcat/trunk/webapps/examples/WEB-INF/classes/CookieExample.java Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1602521&r1=1602520&r2=1602521&view=diff ============================================================================== --- tomcat/trunk/webapps/docs/changelog.xml (original) +++ tomcat/trunk/webapps/docs/changelog.xml Fri Jun 13 21:04:05 2014 @@ -256,6 +256,17 @@ </fix> </changelog> </subsection> + <subsection name="Web applications"> + <changelog> + <fix> + Set the path for cookies created by the examples web application so they + only returned to the examples application. This reduces the opportunity + for using such cookies for malicious purposes should the advice to + remove the examples web application from security sensitive systems be + ignored. (markt) + </fix> + </changelog> + </subsection> <subsection name="Other"> <changelog> <update> Modified: tomcat/trunk/webapps/examples/WEB-INF/classes/CookieExample.java URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/examples/WEB-INF/classes/CookieExample.java?rev=1602521&r1=1602520&r2=1602521&view=diff ============================================================================== --- tomcat/trunk/webapps/examples/WEB-INF/classes/CookieExample.java (original) +++ tomcat/trunk/webapps/examples/WEB-INF/classes/CookieExample.java Fri Jun 13 21:04:05 2014 @@ -50,6 +50,7 @@ public class CookieExample extends HttpS Cookie aCookie = null; if (cookieName != null && cookieValue != null) { aCookie = new Cookie(cookieName, cookieValue); + aCookie.setPath(request.getServletContext().getContextPath()); response.addCookie(aCookie); } --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
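Review bot: the changelog entry in the first hunk (changelog.xml) is missing a verb: "so they only returned to the examples application" should read "so they are only returned to the examples application", otherwise the sentence does not parse for anyone reading the release notes.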
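Review bot: in the CookieExample.java hunk, `request.getServletContext().getContextPath()` returns the empty string when the web application is deployed as the root context, so `aCookie.setPath("")` would emit an empty Path attribute and the browser would fall back to its default-path rule (the directory of the request URI) instead of scoping the cookie to the application as intended. A small guard avoids that edge case, e.g. `String path = request.getServletContext().getContextPath(); aCookie.setPath(path.isEmpty() ? "/" : path);`.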