Posted to dev@tomcat.apache.org by ma...@apache.org on 2014/06/13 23:04:05 UTC

svn commit: r1602521 - in /tomcat/trunk/webapps: docs/changelog.xml examples/WEB-INF/classes/CookieExample.java

Author: markt
Date: Fri Jun 13 21:04:05 2014
New Revision: 1602521

URL: http://svn.apache.org/r1602521
Log:
Set the path for cookies created by the examples web app
This reduces the opportunity for using such cookies for malicious purposes should the advice to remove the examples web application from security sensitive systems be ignored.

Modified:
    tomcat/trunk/webapps/docs/changelog.xml
    tomcat/trunk/webapps/examples/WEB-INF/classes/CookieExample.java

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1602521&r1=1602520&r2=1602521&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Fri Jun 13 21:04:05 2014
@@ -256,6 +256,17 @@
       </fix>
     </changelog>
   </subsection>
+  <subsection name="Web applications">
+    <changelog>
+      <fix>
+        Set the path for cookies created by the examples web application so they
+        only returned to the examples application. This reduces the opportunity
+        for using such cookies for malicious purposes should the advice to
+        remove the examples web application from security sensitive systems be
+        ignored. (markt)
+      </fix>
+    </changelog>
+  </subsection>
   <subsection name="Other">
     <changelog>
       <update>
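
Review bot: the added <fix> text is missing a verb in its first sentence: "so they only returned to the examples application" should read "so they are only returned to the examples application". This wording ends up in the published changelog, so it is worth correcting in a follow-up commit.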

Modified: tomcat/trunk/webapps/examples/WEB-INF/classes/CookieExample.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/examples/WEB-INF/classes/CookieExample.java?rev=1602521&r1=1602520&r2=1602521&view=diff
==============================================================================
--- tomcat/trunk/webapps/examples/WEB-INF/classes/CookieExample.java (original)
+++ tomcat/trunk/webapps/examples/WEB-INF/classes/CookieExample.java Fri Jun 13 21:04:05 2014
@@ -50,6 +50,7 @@ public class CookieExample extends HttpS
         Cookie aCookie = null;
         if (cookieName != null && cookieValue != null) {
             aCookie = new Cookie(cookieName, cookieValue);
+            aCookie.setPath(request.getServletContext().getContextPath());
             response.addCookie(aCookie);
         }
 
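
Review bot: the added setPath(...) line passes getContextPath() through unchanged, and that method returns an empty string when the web application is deployed as the root context. With an empty path the cookie is no longer pinned to the application, and the browser falls back to a default path derived from the request URL, so the scoping described in the log message depends on where the examples app is deployed. Consider handling the empty case explicitly, for example by using "/" when the context path is empty, and adding a short comment above the call explaining why the path is set.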


