Author: markt Date: Wed Dec 16 16:45:24 2009 New Revision: 891304 URL: http://svn.apache.org/viewvc?rev=891304&view=rev Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=47554 httpOnly flag not applied to migrated session cookie
Modified: tomcat/tc6.0.x/trunk/STATUS.txt tomcat/tc6.0.x/trunk/java/org/apache/catalina/ha/session/JvmRouteBinderValve.java tomcat/tc6.0.x/trunk/java/org/apache/catalina/ha/session/LocalStrings.properties tomcat/tc6.0.x/trunk/java/org/apache/catalina/ha/session/LocalStrings_es.properties tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=891304&r1=891303&r2=891304&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Wed Dec 16 16:45:24 2009 @@ -332,12 +332,6 @@ +1: markt -1: -* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=47554 - httpOnly flag not applied to migrated session cookie - https://issues.apache.org/bugzilla/show_bug.cgi?id=47554 - +1: markt, jim, jfclere - -1: - * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=47799 Unable to configure domain in Membership and DomainFilterInterceptor Patch provided by Keiichi Fujino Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/ha/session/JvmRouteBinderValve.java URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/ha/session/JvmRouteBinderValve.java?rev=891304&r1=891303&r2=891304&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/java/org/apache/catalina/ha/session/JvmRouteBinderValve.java (original) +++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/ha/session/JvmRouteBinderValve.java Wed Dec 16 16:45:24 2009 @@ -471,12 +471,14 @@ newCookie.setSecure(true); } if (log.isDebugEnabled()) { - log.debug(sm.getString("jvmRoute.newSessionCookie", - sessionId, Globals.SESSION_COOKIE_NAME, newCookie - .getPath(), new Boolean(newCookie - .getSecure()))); + Object[] args = new Object[] {sessionId, + Globals.SESSION_COOKIE_NAME, + newCookie.getPath(), + new Boolean(newCookie.getSecure()), + new Boolean(context.getUseHttpOnly())}; + log.debug(sm.getString("jvmRoute.newSessionCookie", args)); } - response.addCookie(newCookie); + response.addCookieInternal(newCookie, context.getUseHttpOnly()); } } } Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/ha/session/LocalStrings.properties URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/ha/session/LocalStrings.properties?rev=891304&r1=891303&r2=891304&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/java/org/apache/catalina/ha/session/LocalStrings.properties (original) +++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/ha/session/LocalStrings.properties Wed Dec 16 16:45:24 2009 @@ -78,7 +78,7 @@ jvmRoute.listener.stopped=SessionID Binder Listener stopped jvmRoute.lostSession=Lost Session [{0}] at path [{1}] jvmRoute.missingJvmRouteAttribute=No engine jvmRoute attribute configured! -jvmRoute.newSessionCookie=Setting cookie with session id [{0}] name: [{1}] path: [{2}] secure: [{3}] +jvmRoute.newSessionCookie=Setting cookie with session id [{0}] name: [{1}] path: [{2}] secure: [{3}] httpOnly: [{4}] jvmRoute.noCluster=The JvmRouterBinderValve is configured, but clustering is not being used. Fail over will still work, providing a PersistentManager is used. jvmRoute.notFoundManager=Not found Cluster DeltaManager {0} at {1} jvmRoute.receiveMessage.sessionIDChanged=Cluster JvmRouteSessionIDBinderListener received orginal session ID [{0}] set to new id [{1}] for context path [{2}] Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/ha/session/LocalStrings_es.properties URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/ha/session/LocalStrings_es.properties?rev=891304&r1=891303&r2=891304&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/java/org/apache/catalina/ha/session/LocalStrings_es.properties (original) +++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/ha/session/LocalStrings_es.properties Wed Dec 16 16:45:24 2009 @@ -78,7 +78,7 @@ jvmRoute.listener.stopped = Parado Oyente Ligador de SessionID jvmRoute.lostSession = Perdida Sesi\u00F3n [{0}] en ruta [{1}] jvmRoute.missingJvmRouteAttribute = \u00A1No se ha configurado atributo de motor jvmRoute\! -jvmRoute.newSessionCookie = Poniendo cookie con id de sesi\u00F3n [{0}] nombre\: [{1}] ruta\: [{2}] seguro\: [{3}] +jvmRoute.newSessionCookie = Poniendo cookie con id de sesi\u00F3n [{0}] nombre\: [{1}] ruta\: [{2}] seguro\: [{3}] httpOnly: [{4}] jvmRoute.notFoundManager = No hallado Cl\u00FAster DeltaManager {0} en {1} jvmRoute.receiveMessage.sessionIDChanged = Cl\u00FAster JvmRouteSessionIDBinderListener recibi\u00F3 ID original de sesi\u00F3n [{0}] puesto a nuevo id [{1}] para la ruta de contexto [{2}] jvmRoute.run.already = receptor jvmRoute SessionID ya ejecutado Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=891304&r1=891303&r2=891304&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Wed Dec 16 16:45:24 2009 @@ -469,6 +469,10 @@ <bug>47502</bug>: Don't replicate session attributes known not to be serializable. (funkman) </fix> + <fix> + <bug>47554</bug>: Include httpOnly attribute when re-writing session + cookie after fail over. (markt) + </fix> </changelog> </subsection> <subsection name="Webapps"> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org