On 01/03/2009, ma...@apache.org <ma...@apache.org> wrote: > Author: markt > Date: Sun Mar 1 12:47:54 2009 > New Revision: 749019 > > URL: http://svn.apache.org/viewvc?rev=749019&view=rev > Log: > Provide an option to use httpOnly for session cookies. Disabled by default. > ... ============================================================================== > --- tomcat/tc6.0.x/trunk/java/org/apache/catalina/session/ManagerBase.java > (original) > +++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/session/ManagerBase.java > Sun Mar 1 12:47:54 2009 > @@ -217,7 +217,11 @@ > */ > protected PropertyChangeSupport support = new > PropertyChangeSupport(this); > > - > + /** > + * The flag that indicates that session cookies should use HttpOnly > + */ > + protected boolean useHttpOnly = false; > + > // ------------------------------------------------------------- > Security classes > > > @@ -655,6 +659,27 @@ > > } > > + /** > + * Gets the value of the use HttpOnly cookies for session cookies flag. > + * > + * @return <code>true</code> if the HttpOnly flag should be set on > session > + * cookies > + */ > + public boolean getUseHttpOnly() { > + return useHttpOnly; > + } > + > + > + /** > + * Sets the use HttpOnly cookies for session cookies flag. > + * > + * @param useHttpOnly Set to <code>true</code> to use HttpOnly cookies > + * for session cookies > + */ > + public void setUseHttpOnly(boolean useHttpOnly) { > + this.useHttpOnly = useHttpOnly; > + } > + > // --------------------------------------------------------- Public > Methods
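Review bot: In the first hunk (@@ -217,7 +217,11 @@), the Javadoc on `useHttpOnly` does not state that the default is `false`, so the "Disabled by default" behaviour is recorded only in the commit log. Suggest saying so in the field comment, together with what it means in practice: with the flag off, the session cookie is sent without the HttpOnly attribute and stays readable by client-side script. The comment sentence also lacks the closing period that the accessor Javadoc in the second hunk uses.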
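Review bot: In the second hunk (@@ -655,6 +659,27 @@), `setUseHttpOnly` writes a plain `boolean` field that is neither `volatile` nor guarded by a lock, so a value changed through the setter at runtime is not guaranteed to become visible to other threads calling `getUseHttpOnly()`. If the flag is meant to be changeable after startup, declare the field `volatile`; if it is set only at configuration time, say so in the setter's Javadoc. The class also holds a `PropertyChangeSupport support` field (visible in the first hunk's context); if the other setters in this class notify listeners through it, this one should do the same for consistency.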
Since there are public get/set methods, why make the variable protected rather than private? It will be difficult to make the variable private later, and the fewer non-private variables, the easier it is to test and debug classes.