You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by kk...@apache.org on 2010/12/05 14:48:31 UTC
svn commit: r1042350 - in /tomcat/site/trunk: docs/migration.html
xdocs/migration.xml
Author: kkolinko
Date: Sun Dec 5 13:48:31 2010
New Revision: 1042350
URL: http://svn.apache.org/viewvc?rev=1042350&view=rev
Log:
Note disableURLRewriting and useHttpOnly options changes.
Modified:
tomcat/site/trunk/docs/migration.html
tomcat/site/trunk/xdocs/migration.xml
Modified: tomcat/site/trunk/docs/migration.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/migration.html?rev=1042350&r1=1042349&r2=1042350&view=diff
==============================================================================
--- tomcat/site/trunk/docs/migration.html (original)
+++ tomcat/site/trunk/docs/migration.html Sun Dec 5 13:48:31 2010
@@ -845,23 +845,42 @@ compatibility problems.</p>
<p>With the addition of <code>SessionCookieConfig</code> in the Servlet 3.0
specification, a number of session cookie configuration options have been
removed to reduce configuration and code complexity.</p>
-
+
<ul>
- <li>Connector.emptySessionPath: This has been removed. An equivalent
+ <li>
+<strong>Connector</strong>
+<code>.emptySessionPath</code>: This has been removed. An equivalent
effect can be obtained by configuring sessionCookiePath="/" in the global
context.xml (in <code>CATALINA_BASE/conf/context.xml</code>).</li>
- <li>org.apache.catalina.SESSION_COOKIE_NAME system property: This has been
+ <li>
+<code>org.apache.catalina.SESSION_COOKIE_NAME</code> system property: This has been
removed. An equivalent effect can be obtained by configuring the
- sessionCookieName attribute for the global context.xml
+ <code>sessionCookieName</code> attribute for the global context.xml
(in <code>CATALINA_BASE/conf/context.xml</code>).</li>
- <li>org.apache.catalina.SESSION_PARAMETER_NAME system property: This has
+ <li>
+<code>org.apache.catalina.SESSION_PARAMETER_NAME</code> system property: This has
been removed. An equivalent effect can be obtained by configuring the
- sessionCookieName attribute for the global context.xml
+ <code>sessionCookieName</code> attribute for the global context.xml
(in <code>CATALINA_BASE/conf/context.xml</code>).</li>
+
+ <li>
+<strong>Context</strong>
+<code>.disableURLRewriting</code>: This has
+ been removed. An equivalent effect can be obtained by configuring the
+ <code>session-config/tracking-mode</code> elements in a web application
+ or in the global <conf>CATALINA_BASE/conf/web.xml</conf> file.</li>
</ul>
+ <p>The session and SSO cookies in Tomcat 7 are being sent with HttpOnly
+ flag by default, to instruct browsers to prevent access to those cookies
+ from JavaScript.
+ (This can be enabled in Tomcat 6.0 and 5.5 by setting
+ <code>useHttpOnly="true"</code> on <strong>Context</strong> element in
+ a web application or in the global
+ <code>CATALINA_BASE/conf/context.xml</code> file).</p>
+
</blockquote>
</td>
</tr>
Modified: tomcat/site/trunk/xdocs/migration.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/migration.xml?rev=1042350&r1=1042349&r2=1042350&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/migration.xml (original)
+++ tomcat/site/trunk/xdocs/migration.xml Sun Dec 5 13:48:31 2010
@@ -228,23 +228,36 @@ compatibility problems.</p>
<p>With the addition of <code>SessionCookieConfig</code> in the Servlet 3.0
specification, a number of session cookie configuration options have been
removed to reduce configuration and code complexity.</p>
-
+
<ul>
- <li>Connector.emptySessionPath: This has been removed. An equivalent
+ <li><strong>Connector</strong><code>.emptySessionPath</code>: This has been removed. An equivalent
effect can be obtained by configuring sessionCookiePath="/" in the global
context.xml (in <code>CATALINA_BASE/conf/context.xml</code>).</li>
- <li>org.apache.catalina.SESSION_COOKIE_NAME system property: This has been
+ <li><code>org.apache.catalina.SESSION_COOKIE_NAME</code> system property: This has been
removed. An equivalent effect can be obtained by configuring the
- sessionCookieName attribute for the global context.xml
+ <code>sessionCookieName</code> attribute for the global context.xml
(in <code>CATALINA_BASE/conf/context.xml</code>).</li>
- <li>org.apache.catalina.SESSION_PARAMETER_NAME system property: This has
+ <li><code>org.apache.catalina.SESSION_PARAMETER_NAME</code> system property: This has
been removed. An equivalent effect can be obtained by configuring the
- sessionCookieName attribute for the global context.xml
+ <code>sessionCookieName</code> attribute for the global context.xml
(in <code>CATALINA_BASE/conf/context.xml</code>).</li>
+
+ <li><strong>Context</strong><code>.disableURLRewriting</code>: This has
+ been removed. An equivalent effect can be obtained by configuring the
+ <code>session-config/tracking-mode</code> elements in a web application
+ or in the global <conf>CATALINA_BASE/conf/web.xml</conf> file.</li>
</ul>
+ <p>The session and SSO cookies in Tomcat 7 are being sent with HttpOnly
+ flag by default, to instruct browsers to prevent access to those cookies
+ from JavaScript.
+ (This can be enabled in Tomcat 6.0 and 5.5 by setting
+ <code>useHttpOnly="true"</code> on <strong>Context</strong> element in
+ a web application or in the global
+ <code>CATALINA_BASE/conf/context.xml</code> file).</p>
+
</subsection>
<subsection name="Comet">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: svn commit: r1042350 - in /tomcat/site/trunk: docs/migration.html xdocs/migration.xml
Posted by Konstantin Kolinko <kk...@apache.org>.
2010/12/5 <kk...@apache.org>:
> Author: kkolinko
> Date: Sun Dec 5 13:48:31 2010
> New Revision: 1042350
>
> URL: http://svn.apache.org/viewvc?rev=1042350&view=rev
> Log:
> Note disableURLRewriting and useHttpOnly options changes.
>
> Modified:
> tomcat/site/trunk/docs/migration.html
> tomcat/site/trunk/xdocs/migration.xml
>
migration.html mentions "sessionCookieName" option on <Context> in
Tomcat 7, but it is not documented in config/context.xml.
Best regards,
Konstantin Kolinko
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org