You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by kk...@apache.org on 2010/12/02 02:51:56 UTC
svn commit: r1041251 - in /tomcat/tc6.0.x/trunk: STATUS.txt
webapps/docs/changelog.xml webapps/host-manager/META-INF/context.xml
webapps/host-manager/manager.xml webapps/manager/META-INF/context.xml
Author: kkolinko
Date: Thu Dec 2 01:51:55 2010
New Revision: 1041251
URL: http://svn.apache.org/viewvc?rev=1041251&view=rev
Log:
Configure manager and host-manager webapps to use HttpOnly for session cookies
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
tomcat/tc6.0.x/trunk/webapps/host-manager/META-INF/context.xml
tomcat/tc6.0.x/trunk/webapps/host-manager/manager.xml
tomcat/tc6.0.x/trunk/webapps/manager/META-INF/context.xml
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1041251&r1=1041250&r2=1041251&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Thu Dec 2 01:51:55 2010
@@ -198,11 +198,6 @@ PATCHES PROPOSED TO BACKPORT:
+1: markt
-1:
-* Configure manager and host-manager webapps to use HttpOnly for session cookies
- http://people.apache.org/~kkolinko/patches/2010-11-22_tc6_httpOnly.patch
- +1: kkolinko, markt, kfujino
- -1:
-
* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50316
Fix minor glitch with display of negative values in Manager webapp
http://svn.apache.org/viewvc?rev=1037887&view=rev
Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=1041251&r1=1041250&r2=1041251&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Thu Dec 2 01:51:55 2010
@@ -349,6 +349,10 @@
<bug>50294</bug>: Add more information to documentation regarding format
of configuration files. Patch provided by Luke Meyer. (markt)
</add>
+ <update>
+ Configure the Manager and Host-Manager web applications to use HttpOnly
+ flag for their session cookies. (kkolinko)
+ </update>
</changelog>
</subsection>
<subsection name="Other">
Modified: tomcat/tc6.0.x/trunk/webapps/host-manager/META-INF/context.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/host-manager/META-INF/context.xml?rev=1041251&r1=1041250&r2=1041251&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/host-manager/META-INF/context.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/host-manager/META-INF/context.xml Thu Dec 2 01:51:55 2010
@@ -15,4 +15,4 @@
See the License for the specific language governing permissions and
limitations under the License.
-->
-<Context antiResourceLocking="false" privileged="true" />
+<Context antiResourceLocking="false" privileged="true" useHttpOnly="true" />
Modified: tomcat/tc6.0.x/trunk/webapps/host-manager/manager.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/host-manager/manager.xml?rev=1041251&r1=1041250&r2=1041251&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/host-manager/manager.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/host-manager/manager.xml Thu Dec 2 01:51:55 2010
@@ -25,6 +25,6 @@
<Context docBase="${catalina.home}/webapps/manager"
- privileged="true" antiResourceLocking="false" antiJARLocking="false">
+ privileged="true" antiResourceLocking="false" antiJARLocking="false" useHttpOnly="true">
</Context>
Modified: tomcat/tc6.0.x/trunk/webapps/manager/META-INF/context.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/manager/META-INF/context.xml?rev=1041251&r1=1041250&r2=1041251&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/manager/META-INF/context.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/manager/META-INF/context.xml Thu Dec 2 01:51:55 2010
@@ -15,4 +15,4 @@
See the License for the specific language governing permissions and
limitations under the License.
-->
-<Context antiResourceLocking="false" privileged="true" />
+<Context antiResourceLocking="false" privileged="true" useHttpOnly="true" />
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org