You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2007/01/12 02:15:31 UTC

DO NOT REPLY [Bug 41217] - SingleSignOn Cookie does not honor https access: Login Information Disclosure

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=41217>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=41217





------- Additional Comments From chris@sourcelabs.com  2007-01-11 17:15 -------
Created an attachment (id=19397)
 --> (http://issues.apache.org/bugzilla/attachment.cgi?id=19397&action=view)
Patch to set secure flag on SSO cookie when requested over https

There is an isSecure() method available in the Request object used by
AuthenticatorBase...not sure why you couldn't find it.	Attaching a patch that
sets the secure flag on the SSO cookie when accessed via https.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org