Author: markt
Date: Fri Jun 13 21:05:53 2014
New Revision: 1602522

URL: http://svn.apache.org/r1602522
Log:
Set the path for cookies created by the examples web app

This reduces the opportunity for using such cookies for malicious purposes should the advice to remove the examples web application from security sensitive systems be ignored.

Modified: tomcat/tc7.0.x/trunk/ (props changed) tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml tomcat/tc7.0.x/trunk/webapps/examples/WEB-INF/classes/CookieExample.java Propchange: tomcat/tc7.0.x/trunk/ ------------------------------------------------------------------------------ Merged /tomcat/trunk:r1602521 Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1602522&r1=1602521&r2=1602522&view=diff ============================================================================== --- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Fri Jun 13 21:05:53 2014 @@ -164,6 +164,17 @@ </fix> </changelog> </subsection> + <subsection name="Web applications"> + <changelog> + <fix> + Set the path for cookies created by the examples web application so they + only returned to the examples application. This reduces the opportunity + for using such cookies for malicious purposes should the advice to + remove the examples web application from security sensitive systems be + ignored. (markt) + </fix> + </changelog> + </subsection> </section> <section name="Tomcat 7.0.54 (violetagg)" rtext="released 2014-05-22"> <subsection name="Catalina"> Modified: tomcat/tc7.0.x/trunk/webapps/examples/WEB-INF/classes/CookieExample.java URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/examples/WEB-INF/classes/CookieExample.java?rev=1602522&r1=1602521&r2=1602522&view=diff ============================================================================== --- tomcat/tc7.0.x/trunk/webapps/examples/WEB-INF/classes/CookieExample.java (original) +++ tomcat/tc7.0.x/trunk/webapps/examples/WEB-INF/classes/CookieExample.java Fri Jun 13 21:05:53 2014 
@@ -50,6 +50,7 @@ public class CookieExample extends HttpS Cookie aCookie = null; if (cookieName != null && cookieValue != null) { aCookie = new Cookie(cookieName, cookieValue); + aCookie.setPath(request.getServletContext().getContextPath()); response.addCookie(aCookie); }
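
Review bot: The new <fix> entry in changelog.xml is missing a verb in its first sentence: "so they only returned to the examples application" should read "so they are only returned to the examples application".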
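
Review bot: On the added aCookie.setPath(...) line in CookieExample.java, the path is taken directly from getContextPath(), which is an empty string when the application is deployed as the root context, so in that deployment this call does not pin the cookie to a path; consider falling back to "/" when the value is empty. The value also carries no trailing slash, so a client that matches cookie paths by plain string prefix would return the cookie to a sibling context whose name begins with the same characters; appending "/" to the context path avoids that. request.getContextPath() returns the same value without going through the ServletContext, and a short comment above the call stating why the path is set would help readers who copy this example.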