You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by ma...@apache.org on 2010/03/03 23:36:41 UTC

svn commit: r918741 - /tomcat/tc5.5.x/trunk/container/modules/cluster/src/share/org/apache/catalina/cluster/session/JvmRouteBinderValve.java

Author: markt
Date: Wed Mar  3 22:36:41 2010
New Revision: 918741

URL: http://svn.apache.org/viewvc?rev=918741&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=47554
httpOnly flag not applied to migrated session cookie
(should be been applied at same time as fix was applied to o.a.c.ha.session.JvmRouteBinderValve)

Modified:
    tomcat/tc5.5.x/trunk/container/modules/cluster/src/share/org/apache/catalina/cluster/session/JvmRouteBinderValve.java

Modified: tomcat/tc5.5.x/trunk/container/modules/cluster/src/share/org/apache/catalina/cluster/session/JvmRouteBinderValve.java
URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/modules/cluster/src/share/org/apache/catalina/cluster/session/JvmRouteBinderValve.java?rev=918741&r1=918740&r2=918741&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/container/modules/cluster/src/share/org/apache/catalina/cluster/session/JvmRouteBinderValve.java (original)
+++ tomcat/tc5.5.x/trunk/container/modules/cluster/src/share/org/apache/catalina/cluster/session/JvmRouteBinderValve.java Wed Mar  3 22:36:41 2010
@@ -475,12 +475,14 @@
                     newCookie.setSecure(true);
                 }
                 if (log.isDebugEnabled()) {
-                    log.debug(sm.getString("jvmRoute.newSessionCookie",
-                            sessionId, Globals.SESSION_COOKIE_NAME, newCookie
-                                    .getPath(), new Boolean(newCookie
-                                    .getSecure())));
+                    Object[] args = new Object[] {sessionId,
+                            Globals.SESSION_COOKIE_NAME,
+                            newCookie.getPath(),
+                            new Boolean(newCookie.getSecure()),
+                            new Boolean(context.getUseHttpOnly())};
+                    log.debug(sm.getString("jvmRoute.newSessionCookie", args));
                 }
-                response.addCookie(newCookie);
+                response.addCookieInternal(newCookie, context.getUseHttpOnly());
             }
         }
     }



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org