Antonio Sanso created FELIX-5099:
------------------------------------
Summary: JSESSIONID Cookie in HTTPS Session Without 'Secure' and
‘HttpOnly’ Attributes
Key: FELIX-5099
URL: https://issues.apache.org/jira/browse/FELIX-5099
Project: Felix
Issue Type: Bug
Components: HTTP Service
Reporter: Antonio Sanso
The session Cookie JSESSIONID has not the attributes HttpOnly and Secure;
There is already a pull request to address the HttpOnly case in
https://github.com/apache/felix/pull/12/files
Same approach can be used to address the secure flag
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
