You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2007/01/14 04:18:07 UTC
svn commit: r496025 - in /tomcat/container/tc5.5.x:
catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java
webapps/docs/changelog.xml
Author: markt
Date: Sat Jan 13 19:18:06 2007
New Revision: 496025
URL: http://svn.apache.org/viewvc?view=rev&rev=496025
Log:
Fix bug 41217. Make SSO cookie secure when created during a secure request. Patch provided by Chris Halstead.
Modified:
tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java
tomcat/container/tc5.5.x/webapps/docs/changelog.xml
Modified: tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java
URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java?view=diff&rev=496025&r1=496024&r2=496025
==============================================================================
--- tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java (original)
+++ tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java Sat Jan 13 19:18:06 2007
@@ -746,6 +746,9 @@
cookie.setMaxAge(-1);
cookie.setPath("/");
+ // Bugzilla 41217
+ cookie.setSecure(request.isSecure());
+
// Bugzilla 34724
String ssoDomain = sso.getCookieDomain();
if(ssoDomain != null) {
Modified: tomcat/container/tc5.5.x/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/webapps/docs/changelog.xml?view=diff&rev=496025&r1=496024&r2=496025
==============================================================================
--- tomcat/container/tc5.5.x/webapps/docs/changelog.xml (original)
+++ tomcat/container/tc5.5.x/webapps/docs/changelog.xml Sat Jan 13 19:18:06 2007
@@ -141,6 +141,11 @@
extend ValveBase. (markt)
</fix>
<fix>
+ <bug>41217</bug>: Set secure attribute on SSO cookie when cookie is
+ created during a secure request. Patch provided by Chris Halstead.
+ (markt)
+ </fix>
+ <fix>
Ensure Accept-Language headers conform to RFC 2616. Ignore them if
they do not. (markt)
</fix>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org