You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by ma...@apache.org on 2007/01/27 22:25:42 UTC

svn commit: r500626 - in /tomcat/tc6.0.x/trunk: java/org/apache/catalina/authenticator/AuthenticatorBase.java webapps/docs/changelog.xml

Author: markt
Date: Sat Jan 27 13:25:41 2007
New Revision: 500626

URL: http://svn.apache.org/viewvc?view=rev&rev=500626
Log:
Port fox for bug 41217. Set secure attribute on SSO cookie when cookie is created during a secure request. Patch provided by Chris Halstead.

Modified:
    tomcat/tc6.0.x/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
    tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml

Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java?view=diff&rev=500626&r1=500625&r2=500626
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java Sat Jan 27 13:25:41 2007
@@ -743,6 +743,9 @@
             cookie.setMaxAge(-1);
             cookie.setPath("/");
             
+            // Bugzilla 41217
+            cookie.setSecure(request.isSecure());
+
             // Bugzilla 34724
             String ssoDomain = sso.getCookieDomain();
             if(ssoDomain != null) {

Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?view=diff&rev=500626&r1=500625&r2=500626
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Sat Jan 27 13:25:41 2007
@@ -30,6 +30,11 @@
         Fix error messages when parsing context.xml that incorrectly referred to
         web.xml. (markt)
       </fix>
+      <fix>
+        <bug>41217</bug>: Set secure attribute on SSO cookie when cookie is
+        created during a secure request. Patch provided by Chris Halstead.
+        (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Jasper">



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org