You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@felix.apache.org by "Antonio Sanso (JIRA)" <ji...@apache.org> on 2015/11/13 09:14:10 UTC
[jira] [Updated] (FELIX-5099) JSESSIONID Cookie in HTTPS Session Without 'Secure' and ‘HttpOnly’ Attributes
[ https://issues.apache.org/jira/browse/FELIX-5099?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Antonio Sanso updated FELIX-5099:
---------------------------------
Attachment: FELIX-5099-patch.txt
attaching proposed patch
> JSESSIONID Cookie in HTTPS Session Without 'Secure' and ‘HttpOnly’ Attributes
> -----------------------------------------------------------------------------
>
> Key: FELIX-5099
> URL: https://issues.apache.org/jira/browse/FELIX-5099
> Project: Felix
> Issue Type: Bug
> Components: HTTP Service
> Reporter: Antonio Sanso
> Attachments: FELIX-5099-patch.txt
>
>
> The session Cookie JSESSIONID has not the attributes HttpOnly and Secure;
> There is already a pull request to address the HttpOnly case in https://github.com/apache/felix/pull/12/files
> Same approach can be used to address the secure flag
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)