DO NOT REPLY [Bug 41347] New: - No keep-alive in response header

[bugzilla]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=41347

   Summary: No keep-alive in response header
   Product: Tomcat 5
   Version: 5.5.20
  Platform: All
OS/Version: All
Status: NEW
  Severity: normal
  Priority: P2
 Component: Connector:HTTP
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: [EMAIL PROTECTED]


Hi,
I find the information Connection: Keep-Alive never displayed in the response 
header. But If I disable keep-alive by setting maxKeepAliveRequests="1", I 
will see Connection: Close in the response header. 

I found that in the java source file "Http11Processor.java", line 1597, the 
codes are:
if (!keepAlive) {
headers.addValue(Constants.CONNECTION).setString(Constants.CLOSE);
} else if (!http11 && !error) {
headers.addValue(Constants.CONNECTION).setString(Constants.KEEPALIVE);
}

I think that "!http11" should be "http11". And I also think the logical is not 
robust here, how about if all the conditions are not satisfied?

Thanks!

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r495262 - /tomcat/tc6.0.x/trunk/res/maven/mvn.properties.default

[fhanik]

Author: fhanik
Date: Thu Jan 11 07:47:10 2007
New Revision: 495262

URL: http://svn.apache.org/viewvc?view=rev&rev=495262
Log:
set better defaults

Modified:
tomcat/tc6.0.x/trunk/res/maven/mvn.properties.default

Modified: tomcat/tc6.0.x/trunk/res/maven/mvn.properties.default
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/res/maven/mvn.properties.default?view=diff&rev=495262&r1=495261&r2=495262
==
--- tomcat/tc6.0.x/trunk/res/maven/mvn.properties.default (original)
+++ tomcat/tc6.0.x/trunk/res/maven/mvn.properties.default Thu Jan 11 07:47:10 
2007
@@ -3,7 +3,7 @@
 
maven.repo.url=scp://people.apache.org/www/people.apache.org/repo/m2-snapshot-repository
 maven.repo.repositoryId=apache.snapshots
 maven.deploy.version=6.0.7-SNAPSHOT
-tomcat.lib.path=C:/development/tomcat/6.0/tc6.0.x/trunk/output/build/lib
-tomcat.bin.path=C:/development/tomcat/6.0/tc6.0.x/trunk/output/build/bin
-tomcat.pom.path=C:/development/tomcat/6.0/tc6.0.x/trunk/res/maven
-tomcat.extras.path=C:/development/tomcat/6.0/tc6.0.x/trunk/output/extras
\ No newline at end of file
+tomcat.lib.path=../../output/build/lib
+tomcat.bin.path=../../output/build/bin
+tomcat.pom.path=../../res/maven
+tomcat.extras.path=../../output/extras
\ No newline at end of file



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 41350] New: - isapi_redirect.dll jk-1.2.20 does not work on IIS 6 on win2k3

[bugzilla]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=41350

   Summary: isapi_redirect.dll jk-1.2.20 does not work on IIS 6 on
win2k3
   Product: Tomcat 5
   Version: 5.5.17
  Platform: PC
OS/Version: Windows Server 2003
Status: NEW
  Severity: critical
  Priority: P1
 Component: Connector:AJP
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: [EMAIL PROTECTED]


I tried to install with jk-1.2.20 isapi_redirect.dll and couldn't get it to work
on IIS 6 on windows 2003 server.

I saw this posting
http://www.iis-resources.com/modules/newbb/viewtopic.php?topic_id=5150&forum=5

So I went back to jk-1.2.15 isapi_redirect.dll version and it works fine.
You need either a note on the IIS instructions page or fix the current version.

Let me know when it is fixed.
Thanks,
Shawn

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 41350] - isapi_redirect.dll jk-1.2.20 does not work on IIS 6 on win2k3

[bugzilla]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=41350


[EMAIL PROTECTED] changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution||INVALID




--- Additional Comments From [EMAIL PROTECTED]  2007-01-11 08:42 ---
It works very vell on 2K3 reported by many usrers
Please use tomcat users list for further assistance.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Script for publishing JARs to Maven Repo done

[Paul McMahan]

Works perfectly.  Thanks!

Best wishes,
Paul

On 1/10/07, Filip Hanik - Dev Lists <[EMAIL PROTECTED]> wrote:

done
http://people.apache.org/repo/m2-snapshot-repository/org/apache/tomcat/extras/
will that work for you to get the replacement done?

Filip

Paul McMahan wrote:
> Geronimo uses commons logging and I just found out how to reconfigure
> TC6 to support that logging impl at
> http://tomcat.apache.org/tomcat-6.0-doc/logging.html
>
> Can you also publish the tomcat-juli and tomcat-juli-adapters jars
> created by "ant -f extras.xml" to the maven repo so I can reference
> them from the Geronimo build?   Perhaps the groupId could be
> org.apache.tomcat.extras for these jars since extras/tomcat-juli.jar
> is actually a replacement for build/bin/tomcat-juli.jar.  Thanks again
> for all your help.
>
> Best wishes,
> Paul


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 40222] - Default Tomcat configuration alows easy session hijacking

[bugzilla]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=40222





--- Additional Comments From [EMAIL PROTECTED]  2007-01-11 10:46 ---
I was able to easily replicate this on 5.5.20.

RE #1 - unless I'm misreading the referenced post, that discussion is about new
sessions being created when going https-->http, not the other way around.  

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 41324] - ApplicationFilterChain holds references to filters after request ends

[bugzilla]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=41324





--- Additional Comments From [EMAIL PROTECTED]  2007-01-11 10:51 ---
This looks like it may be a dupe of 41034?

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 41347] - No keep-alive in response header

[bugzilla]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=41347


[EMAIL PROTECTED] changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution||INVALID




--- Additional Comments From [EMAIL PROTECTED]  2007-01-11 11:25 ---
RFC 2616 only defines the value "Close" for the Connection header.  So Tomcat 
correctly only sends Connection: Keep-Alive for HTTP/1.0 clients that request 
persistent connections.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 40524] - request.getAuthType() returns different string from HttpServletRequest.CLIENT_CERT_AUTH

[bugzilla]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=40524





--- Additional Comments From [EMAIL PROTECTED]  2007-01-11 11:46 ---
Created an attachment (id=19396)
 --> (http://issues.apache.org/bugzilla/attachment.cgi?id=19396&action=view)
Fix for CLIENT_CERT/CLIENT-CERT mismatch

The auth-methodType value 'CLIENT-CERT' is defined in the web-app DTDs and
XSDs, but HttpServletRequest.java uses 'CLIENT_CERT'.  The Tomcat internal
Request class correctly uses 'CLIENT-CERT'.  This patch fixes
HttpServletRequest to match the descriptor definition.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 41324] - ApplicationFilterChain holds references to filters after request ends

[bugzilla]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=41324


[EMAIL PROTECTED] changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution||DUPLICATE




--- Additional Comments From [EMAIL PROTECTED]  2007-01-11 12:46 ---


*** This bug has been marked as a duplicate of 41034 ***

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 41034] - Classloader leak caused by request recycle

[bugzilla]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=41034


[EMAIL PROTECTED] changed:

   What|Removed |Added

 CC||[EMAIL PROTECTED]




--- Additional Comments From [EMAIL PROTECTED]  2007-01-11 12:46 ---
*** Bug 41324 has been marked as a duplicate of this bug. ***

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 41034] - Classloader leak caused by request recycle

[bugzilla]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=41034





--- Additional Comments From [EMAIL PROTECTED]  2007-01-11 12:56 ---
(In reply to comment #4)

If on any subsequent request you don't map as many filters (i.e. the undeployed
app  used a lot of filters), the leak is permanent. An edge case, and not a huge
problem since if you redeploy the app most likely the new filters will replace
the old.

The biggest hassle about it is it makes it a pain to test for classloader leaks.
 But it's fixed in 6.x, so no big deal.



-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 38046] - apache-tomcat-5.5.14-deployer doesn't work (IllegalStateException: No Java compiler available)

[bugzilla]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=38046


[EMAIL PROTECTED] changed:

   What|Removed |Added

 Status|NEEDINFO|NEW




-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r495418 - /tomcat/tc6.0.x/trunk/java/org/apache/jasper/compiler/ImplicitTagLibraryInfo.java

[remm]

Author: remm
Date: Thu Jan 11 14:43:03 2007
New Revision: 495418

URL: http://svn.apache.org/viewvc?view=rev&rev=495418
Log:
- Revert change: the default version for the implicit taglib is 2.0.

Modified:

tomcat/tc6.0.x/trunk/java/org/apache/jasper/compiler/ImplicitTagLibraryInfo.java

Modified: 
tomcat/tc6.0.x/trunk/java/org/apache/jasper/compiler/ImplicitTagLibraryInfo.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/jasper/compiler/ImplicitTagLibraryInfo.java?view=diff&rev=495418&r1=495417&r2=495418
==
--- 
tomcat/tc6.0.x/trunk/java/org/apache/jasper/compiler/ImplicitTagLibraryInfo.java
 (original)
+++ 
tomcat/tc6.0.x/trunk/java/org/apache/jasper/compiler/ImplicitTagLibraryInfo.java
 Thu Jan 11 14:43:03 2007
@@ -48,7 +48,7 @@
 private static final String TAGX_FILE_SUFFIX = ".tagx";
 private static final String TAGS_SHORTNAME = "tags";
 private static final String TLIB_VERSION = "1.0";
-private static final String JSP_VERSION = "2.1";
+private static final String JSP_VERSION = "2.0";
 private static final String IMPLICIT_TLD = "implicit.tld";
 
 // Maps tag names to tag file paths



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 40050] - context XML file deleted when path is not readable

[bugzilla]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=40050





--- Additional Comments From [EMAIL PROTECTED]  2007-01-11 14:45 ---
I tried to repro this on 5.5.20 with no success.

I created a standalone webapp directory (in ${CATALINA_BASE}/test) and a context
file (under ${CATALINA_BASE}/conf/Catalina/localhost) that referenced it.  I
included 'path' and 'reloadable' attributes as in the OP's post.  I then tested
initial deployment and redeployment of the webapp with the webapp directory both
readable and unreadable by the tomcat process user.

In all circumstances when the webapp was unreadable the webapp failed to deploy
(or redeploy) with an IllegalArgumentException, but the context file was never
deleted.  Using antiresource/jar locking made no difference.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 41322] - http chunked encoding missing chunk length

[bugzilla]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=41322


[EMAIL PROTECTED] changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution||INVALID




--- Additional Comments From [EMAIL PROTECTED]  2007-01-11 15:53 ---
Ok, this is our fault and not a bug in Tomcat so I'm closing as invalid.

We are using Sitemesh but the page being decorated is in another webapp, so we
have a custom proxy servlet that uses commons-httpclient to fetch the actual
target page. Our code then copies all headers from this proxied response into
the response the user sees. Clearly, not all headers are safe to copy, though:
transfer-encoding in particular!

The nastiest part is that the consequences are intermittent and subtle; as
described the browser occasionally silently ignores a response from the server -
just when the proxied response was returned using chunked encoding, but the
response to the browser is not (because it is the last in a keep-alive
sequence). In this case, the http header indicates chunked, but the
Http11Processor class has (correctly) not configured the ChunkedOutputFilter. 
Ecch.

It would be nice if class Http11Processor would check for the presence of a
Transfer-Encoding header added manually by the user, and either switch to using
the specified encoding or just log an error. However that does have a (small)
performance hit, and very few people are likely to be bitten by this..

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r495459 - /tomcat/tc6.0.x/trunk/java/org/apache/jasper/compiler/PageDataImpl.java

[remm]

Author: remm
Date: Thu Jan 11 17:09:46 2007
New Revision: 495459

URL: http://svn.apache.org/viewvc?view=rev&rev=495459
Log:
- Same here.

Modified:
tomcat/tc6.0.x/trunk/java/org/apache/jasper/compiler/PageDataImpl.java

Modified: tomcat/tc6.0.x/trunk/java/org/apache/jasper/compiler/PageDataImpl.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/jasper/compiler/PageDataImpl.java?view=diff&rev=495459&r1=495458&r2=495459
==
--- tomcat/tc6.0.x/trunk/java/org/apache/jasper/compiler/PageDataImpl.java 
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/jasper/compiler/PageDataImpl.java Thu 
Jan 11 17:09:46 2007
@@ -48,7 +48,7 @@
  */
 class PageDataImpl extends PageData implements TagConstants {
 
-private static final String JSP_VERSION = "2.1";
+private static final String JSP_VERSION = "2.0";
 private static final String CDATA_START_SECTION = "\n";
 



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 41354] New: - mod_jk 1.2.15 with tomcat 2.0.58 throws session timeouts

[bugzilla]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=41354

   Summary: mod_jk 1.2.15 with tomcat 2.0.58 throws session timeouts
   Product: Tomcat 5
   Version: 5.0.28
  Platform: Other
OS/Version: Linux
Status: NEW
  Severity: blocker
  Priority: P2
 Component: Connector:AJP
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: [EMAIL PROTECTED]


Hi,

We are using mod_jk 1.2.15 and tomcat 2.0.58 for the application. We have 2 
web server connecting to 9 tomcats running 3 on each machine. We have set the 
sticky session to true and expect the session to stick to one tomcat. But some 
how the session goes on to another tomcat and the user gets a session timeout 
error. The tomcat which was serving the user request earlier does not hang or 
anything. It can respond to other requests. Some this seem to be issue with 
mod_jk in not sending the request back again to the same tomcat.

Thanks,
Aravind

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 41217] - SingleSignOn Cookie does not honor https access: Login Information Disclosure

[bugzilla]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=41217





--- Additional Comments From [EMAIL PROTECTED]  2007-01-11 17:15 ---
Created an attachment (id=19397)
 --> (http://issues.apache.org/bugzilla/attachment.cgi?id=19397&action=view)
Patch to set secure flag on SSO cookie when requested over https

There is an isSecure() method available in the Request object used by
AuthenticatorBase...not sure why you couldn't find it.  Attaching a patch that
sets the secure flag on the SSO cookie when accessed via https.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]