You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2009/12/16 17:45:24 UTC
svn commit: r891304 - in /tomcat/tc6.0.x/trunk: ./
java/org/apache/catalina/ha/session/ webapps/docs/
Author: markt
Date: Wed Dec 16 16:45:24 2009
New Revision: 891304
URL: http://svn.apache.org/viewvc?rev=891304&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=47554
httpOnly flag not applied to migrated session cookie
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
tomcat/tc6.0.x/trunk/java/org/apache/catalina/ha/session/JvmRouteBinderValve.java
tomcat/tc6.0.x/trunk/java/org/apache/catalina/ha/session/LocalStrings.properties
tomcat/tc6.0.x/trunk/java/org/apache/catalina/ha/session/LocalStrings_es.properties
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=891304&r1=891303&r2=891304&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Wed Dec 16 16:45:24 2009
@@ -332,12 +332,6 @@
+1: markt
-1:
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=47554
- httpOnly flag not applied to migrated session cookie
- https://issues.apache.org/bugzilla/show_bug.cgi?id=47554
- +1: markt, jim, jfclere
- -1:
-
* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=47799
Unable to configure domain in Membership and DomainFilterInterceptor
Patch provided by Keiichi Fujino
Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/ha/session/JvmRouteBinderValve.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/ha/session/JvmRouteBinderValve.java?rev=891304&r1=891303&r2=891304&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/ha/session/JvmRouteBinderValve.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/ha/session/JvmRouteBinderValve.java Wed Dec 16 16:45:24 2009
@@ -471,12 +471,14 @@
newCookie.setSecure(true);
}
if (log.isDebugEnabled()) {
- log.debug(sm.getString("jvmRoute.newSessionCookie",
- sessionId, Globals.SESSION_COOKIE_NAME, newCookie
- .getPath(), new Boolean(newCookie
- .getSecure())));
+ Object[] args = new Object[] {sessionId,
+ Globals.SESSION_COOKIE_NAME,
+ newCookie.getPath(),
+ new Boolean(newCookie.getSecure()),
+ new Boolean(context.getUseHttpOnly())};
+ log.debug(sm.getString("jvmRoute.newSessionCookie", args));
}
- response.addCookie(newCookie);
+ response.addCookieInternal(newCookie, context.getUseHttpOnly());
}
}
}
Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/ha/session/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/ha/session/LocalStrings.properties?rev=891304&r1=891303&r2=891304&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/ha/session/LocalStrings.properties (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/ha/session/LocalStrings.properties Wed Dec 16 16:45:24 2009
@@ -78,7 +78,7 @@
jvmRoute.listener.stopped=SessionID Binder Listener stopped
jvmRoute.lostSession=Lost Session [{0}] at path [{1}]
jvmRoute.missingJvmRouteAttribute=No engine jvmRoute attribute configured!
-jvmRoute.newSessionCookie=Setting cookie with session id [{0}] name: [{1}] path: [{2}] secure: [{3}]
+jvmRoute.newSessionCookie=Setting cookie with session id [{0}] name: [{1}] path: [{2}] secure: [{3}] httpOnly: [{4}]
jvmRoute.noCluster=The JvmRouterBinderValve is configured, but clustering is not being used. Fail over will still work, providing a PersistentManager is used.
jvmRoute.notFoundManager=Not found Cluster DeltaManager {0} at {1}
jvmRoute.receiveMessage.sessionIDChanged=Cluster JvmRouteSessionIDBinderListener received orginal session ID [{0}] set to new id [{1}] for context path [{2}]
Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/ha/session/LocalStrings_es.properties
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/ha/session/LocalStrings_es.properties?rev=891304&r1=891303&r2=891304&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/ha/session/LocalStrings_es.properties (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/ha/session/LocalStrings_es.properties Wed Dec 16 16:45:24 2009
@@ -78,7 +78,7 @@
jvmRoute.listener.stopped = Parado Oyente Ligador de SessionID
jvmRoute.lostSession = Perdida Sesi\u00F3n [{0}] en ruta [{1}]
jvmRoute.missingJvmRouteAttribute = \u00A1No se ha configurado atributo de motor jvmRoute\!
-jvmRoute.newSessionCookie = Poniendo cookie con id de sesi\u00F3n [{0}] nombre\: [{1}] ruta\: [{2}] seguro\: [{3}]
+jvmRoute.newSessionCookie = Poniendo cookie con id de sesi\u00F3n [{0}] nombre\: [{1}] ruta\: [{2}] seguro\: [{3}] httpOnly: [{4}]
jvmRoute.notFoundManager = No hallado Cl\u00FAster DeltaManager {0} en {1}
jvmRoute.receiveMessage.sessionIDChanged = Cl\u00FAster JvmRouteSessionIDBinderListener recibi\u00F3 ID original de sesi\u00F3n [{0}] puesto a nuevo id [{1}] para la ruta de contexto [{2}]
jvmRoute.run.already = receptor jvmRoute SessionID ya ejecutado
Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=891304&r1=891303&r2=891304&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Wed Dec 16 16:45:24 2009
@@ -469,6 +469,10 @@
<bug>47502</bug>: Don't replicate session attributes known not to be
serializable. (funkman)
</fix>
+ <fix>
+ <bug>47554</bug>: Include httpOnly attribute when re-writing session
+ cookie after fail over. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Webapps">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org