You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@felix.apache.org by "Antonio Sanso (JIRA)" <ji...@apache.org> on 2015/11/13 09:01:10 UTC

[jira] [Created] (FELIX-5099) JSESSIONID Cookie in HTTPS Session Without 'Secure' and ‘HttpOnly’ Attributes

Antonio Sanso created FELIX-5099:
------------------------------------

             Summary: JSESSIONID Cookie in HTTPS Session Without 'Secure' and ‘HttpOnly’ Attributes
                 Key: FELIX-5099
                 URL: https://issues.apache.org/jira/browse/FELIX-5099
             Project: Felix
          Issue Type: Bug
          Components: HTTP Service
            Reporter: Antonio Sanso


The session Cookie JSESSIONID has not the attributes HttpOnly and Secure; 

There is already a pull request to address the HttpOnly case in https://github.com/apache/felix/pull/12/files

Same approach can be used to address the secure flag



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)