You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2010/03/03 23:36:41 UTC
svn commit: r918741 -
/tomcat/tc5.5.x/trunk/container/modules/cluster/src/share/org/apache/catalina/cluster/session/JvmRouteBinderValve.java
Author: markt
Date: Wed Mar 3 22:36:41 2010
New Revision: 918741
URL: http://svn.apache.org/viewvc?rev=918741&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=47554
httpOnly flag not applied to migrated session cookie
(should be been applied at same time as fix was applied to o.a.c.ha.session.JvmRouteBinderValve)
Modified:
tomcat/tc5.5.x/trunk/container/modules/cluster/src/share/org/apache/catalina/cluster/session/JvmRouteBinderValve.java
Modified: tomcat/tc5.5.x/trunk/container/modules/cluster/src/share/org/apache/catalina/cluster/session/JvmRouteBinderValve.java
URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/modules/cluster/src/share/org/apache/catalina/cluster/session/JvmRouteBinderValve.java?rev=918741&r1=918740&r2=918741&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/container/modules/cluster/src/share/org/apache/catalina/cluster/session/JvmRouteBinderValve.java (original)
+++ tomcat/tc5.5.x/trunk/container/modules/cluster/src/share/org/apache/catalina/cluster/session/JvmRouteBinderValve.java Wed Mar 3 22:36:41 2010
@@ -475,12 +475,14 @@
newCookie.setSecure(true);
}
if (log.isDebugEnabled()) {
- log.debug(sm.getString("jvmRoute.newSessionCookie",
- sessionId, Globals.SESSION_COOKIE_NAME, newCookie
- .getPath(), new Boolean(newCookie
- .getSecure())));
+ Object[] args = new Object[] {sessionId,
+ Globals.SESSION_COOKIE_NAME,
+ newCookie.getPath(),
+ new Boolean(newCookie.getSecure()),
+ new Boolean(context.getUseHttpOnly())};
+ log.debug(sm.getString("jvmRoute.newSessionCookie", args));
}
- response.addCookie(newCookie);
+ response.addCookieInternal(newCookie, context.getUseHttpOnly());
}
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org