https://issues.apache.org/bugzilla/show_bug.cgi?id=44382
--- Comment #23 from August Detlefsen 2010-01-31
12:23:31 UTC ---
(In reply to comment #22)
> This has been applied to 5.5.x and will be included in 5.5.28 onwards.
On Tomcat 5.5.28, when using context.xml.default to setup attributes for
https://issues.apache.org/bugzilla/show_bug.cgi?id=44382
Mark Thomas changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|
https://issues.apache.org/bugzilla/show_bug.cgi?id=44382
--- Comment #21 from Mark Thomas 2009-06-11 09:44:45 PST ---
Sorry about that. I just removed it from trunk and 6.0.x
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mai
https://issues.apache.org/bugzilla/show_bug.cgi?id=44382
--- Comment #20 from Dillon Sellars 2009-06-11
09:32:19 PST ---
(In reply to comment #17)
> This has been implemented in 6.0.x and will be included in 6.0.19 onwards. It
> is disabled by default so you need to use:
>
>
>
>
>
>
https://issues.apache.org/bugzilla/show_bug.cgi?id=44382
Mark Thomas changed:
What|Removed |Added
Attachment #21736|0 |1
is obsolete|
https://issues.apache.org/bugzilla/show_bug.cgi?id=44382
--- Comment #18 from Jim Manico 2009-03-05 12:47:18 PST ---
As the original poster of the feature request back in Feb 08, I want to extend
my sincere gratitude to the Mark and the Tomcat team for adding this patch to
trunk!
Thank you
https://issues.apache.org/bugzilla/show_bug.cgi?id=44382
--- Comment #17 from Mark Thomas 2009-03-01 04:49:28 PST ---
This has been implemented in 6.0.x and will be included in 6.0.19 onwards. It
is disabled by default so you need to use:
to enable it.
--
Configure bugmail: https://
https://issues.apache.org/bugzilla/show_bug.cgi?id=44382
--- Comment #16 from Mark Thomas <[EMAIL PROTECTED]> 2008-09-14 15:57:13 PST
---
With the current trunk implementation, you would need to do the following to
disable HttpOnly
As with any Context configuration you could set this
https://issues.apache.org/bugzilla/show_bug.cgi?id=44382
--- Comment #15 from Jim Manico <[EMAIL PROTECTED]> 2008-09-14 14:19:30 PST ---
Thanks for the clarification, Mark. If I'm reading this right - you are placing
the HttpOnly configuration option within the context of one virtual host
ins
https://issues.apache.org/bugzilla/show_bug.cgi?id=44382
--- Comment #14 from Mark Thomas <[EMAIL PROTECTED]> 2008-09-14 07:11:43 PST
---
I don't think I was too clear in my previous comment. Configuration isn't via
the Manager app it is via the Manager element that may be placed within a
Co
https://issues.apache.org/bugzilla/show_bug.cgi?id=44382
--- Comment #13 from Jim Manico <[EMAIL PROTECTED]> 2008-09-14 07:00:35 PST ---
Mark, thank you! I'm a big fan of the choices you made here in terms of
proposing default-on for tomcat 5/6 and easy configuration via the Tomcat
Manager.
https://issues.apache.org/bugzilla/show_bug.cgi?id=44382
--- Comment #12 from Mark Thomas <[EMAIL PROTECTED]> 2008-09-13 10:44:28 PST
---
I have applied a variation of your patches to trunk and will propose them for
6.0.x and 5.5.x shortly. The main differences are:
1. No change to the Serv
https://issues.apache.org/bugzilla/show_bug.cgi?id=44382
--- Comment #11 from Jim Manico <[EMAIL PROTECTED]> 2008-07-25 00:30:08 PST ---
Actually, the final mac IE version was 5.2.3, see
http://en.wikipedia.org/wiki/Internet_Explorer_for_Mac but you got my point, I
hope. HttpOnly in VERY rar
https://issues.apache.org/bugzilla/show_bug.cgi?id=44382
--- Comment #10 from Damien Bonvillain <[EMAIL PROTECTED]> 2008-07-25 00:27:00
PST ---
> And it will indeed break very old/obscure browsers like IE 5.5 on Mac
If only :-) But IE on Mac never reached 5.5, it stopped at 5.02.
--
Conf
https://issues.apache.org/bugzilla/show_bug.cgi?id=44382
--- Comment #9 from Jim Manico <[EMAIL PROTECTED]> 2008-07-24 18:47:23 PST ---
Thank you for your support to see my HttpOnly session id patch get pushed into
a future release of Tomcat. Several of the committers tell me that this patch
https://issues.apache.org/bugzilla/show_bug.cgi?id=44382
--- Comment #8 from david jencks <[EMAIL PROTECTED]> 2008-07-12 09:28:32 PST
---
The Servlet 3.0 spec EDR includes support for HttpOnly cookies. I've come up
with an untested 3.0 EA api jar for geronimo including the api change.
Sour
https://issues.apache.org/bugzilla/show_bug.cgi?id=44382
Saptarshi <[EMAIL PROTECTED]> changed:
What|Removed |Added
CC||[EMAIL PROTECTED]
https://issues.apache.org/bugzilla/show_bug.cgi?id=44382
Jim Manico <[EMAIL PROTECTED]> changed:
What|Removed |Added
Attachment #21735|0 |1
is obsol
https://issues.apache.org/bugzilla/show_bug.cgi?id=44382
--- Comment #5 from Jim Manico <[EMAIL PROTECTED]> 2008-03-31 12:44:09 PST ---
Created an attachment (id=21741)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=21741)
Patch for HttpOnly support in javax.servlet.http.Cookie
https://issues.apache.org/bugzilla/show_bug.cgi?id=44382
Jim Manico <[EMAIL PROTECTED]> changed:
What|Removed |Added
URL|http://www.petefreitag.com/i|http://msdn2.micro
https://issues.apache.org/bugzilla/show_bug.cgi?id=44382
Jim Manico <[EMAIL PROTECTED]> changed:
What|Removed |Added
AssignedTo|[EMAIL PROTECTED] |tomcat-
21 matches
Mail list logo
