Posted to dev@tomcat.apache.org by bu...@apache.org on 2003/11/25 01:41:12 UTC
DO NOT REPLY [Bug 24739] - Control of secure flag when establishing sessions through https using cookies
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24739
medthomas@ntlworld.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|Minor                       |Enhancement

------- Additional Comments From medthomas@ntlworld.com 2003-11-25 00:41 -------
Tomcat 4 (and 5) work this way to protect sessions created in SSL from being
at risk of session hijacking if transferred back to http. That being said,
there have been a number of requests for this type of functionality on
tomcat-user.
As this is not strictly a bug, I am setting it to an enhancement request.
Until such time as a patch is written, using something similar to the
following in your jsp will provide a work-around.
<A HREF="http://localhost:8080/bug24739/display.jsp;jsessionid=<%=session.getId()%>">display session cookie(http)</A>
Obviously, you will need to replace "http://localhost:8080/bug24739/display.jsp"
with something appropriate to your environment.
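Added example (not part of the original bug comment and not Tomcat code): a client-side model, using Python's http.cookiejar, of why a session cookie set with the secure flag over https is not sent back over http, next to the link form the work-around uses to carry the id instead. The session id, the https URL on port 8443 and the helper names are assumptions made for the illustration.

```python
import email.message
import http.cookiejar
import urllib.request

# Constructed sample values (not from the bug report).
SESSION_ID = "0123ABCD"
HTTPS_URL = "https://localhost:8443/bug24739/login.jsp"   # assumed SSL connector port
HTTP_URL = "http://localhost:8080/bug24739/display.jsp"   # URL used in the comment


class FakeResponse:
    """Stand-in for an HTTP response; CookieJar only calls info()."""

    def __init__(self, set_cookie):
        self._headers = email.message.Message()
        self._headers["Set-Cookie"] = set_cookie

    def info(self):
        return self._headers


def jar_after_login(set_cookie):
    """Return a cookie jar as it looks after the https response set the cookie."""
    jar = http.cookiejar.CookieJar()
    jar.extract_cookies(FakeResponse(set_cookie), urllib.request.Request(HTTPS_URL))
    return jar


def cookie_header_for(jar, url):
    """Return the Cookie header the client would send to url, or None."""
    request = urllib.request.Request(url)
    jar.add_cookie_header(request)
    return request.get_header("Cookie")


def rewritten_url(url, session_id):
    """Link form used by the JSP work-around: the id travels in the URL."""
    return f"{url};jsessionid={session_id}"


if __name__ == "__main__":
    secure = jar_after_login(f"JSESSIONID={SESSION_ID}; Path=/bug24739; Secure")
    plain = jar_after_login(f"JSESSIONID={SESSION_ID}; Path=/bug24739")
    for label, jar in (("Secure", secure), ("no Secure", plain)):
        print(label, "https:", cookie_header_for(jar, HTTPS_URL))
        print(label, "http: ", cookie_header_for(jar, HTTP_URL))
    print("work-around link:", rewritten_url(HTTP_URL, SESSION_ID))
```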