Author: kkolinko
Date: Tue Jan 18 20:26:56 2011
New Revision: 1060560

URL: http://svn.apache.org/viewvc?rev=1060560&view=rev
Log:
Configure manager, host-manager and admin webapps to use HttpOnly for session 
cookies

Modified:
    tomcat/tc5.5.x/trunk/STATUS.txt
    tomcat/tc5.5.x/trunk/container/webapps/admin/admin.xml
    tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml
    tomcat/tc5.5.x/trunk/container/webapps/host-manager/host-manager.xml
    tomcat/tc5.5.x/trunk/container/webapps/host-manager/manager.xml
    tomcat/tc5.5.x/trunk/container/webapps/manager/manager.xml

Modified: tomcat/tc5.5.x/trunk/STATUS.txt
URL: 
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/STATUS.txt?rev=1060560&r1=1060559&r2=1060560&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/STATUS.txt (original)
+++ tomcat/tc5.5.x/trunk/STATUS.txt Tue Jan 18 20:26:56 2011
@@ -71,11 +71,6 @@ PATCHES PROPOSED TO BACKPORT:
    patched tomcat.nsi of tc5.5 on top of it:
    (  
http://people.apache.org/~kkolinko/patches/2011-01-17_tc55_tomcat-nsi-of-tc7_vs_tc55.diff
 )
 
-* Configure manager, host-manager and admin webapps to use HttpOnly for 
session cookies
-  http://people.apache.org/~kkolinko/patches/2010-11-22_tc55_httpOnly.patch
-  +1: kkolinko, rjung, markt
-  -1:
-
 * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50460
   Avoid leak caused by using a cached exception instance
   http://svn.apache.org/viewvc?rev=1044987&view=rev

Modified: tomcat/tc5.5.x/trunk/container/webapps/admin/admin.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/webapps/admin/admin.xml?rev=1060560&r1=1060559&r2=1060560&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/container/webapps/admin/admin.xml (original)
+++ tomcat/tc5.5.x/trunk/container/webapps/admin/admin.xml Tue Jan 18 20:26:56 
2011
@@ -25,7 +25,7 @@
 
 
 <Context docBase="${catalina.home}/server/webapps/admin" privileged="true"
-         antiResourceLocking="false" antiJARLocking="false">
+         antiResourceLocking="false" antiJARLocking="false" useHttpOnly="true">
 
   <!-- Uncomment this Valve to limit access to the Admin app to localhost
    for obvious security reasons. Allow is a comma-separated list of
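Review bot: The new `useHttpOnly="true"` on the admin `<Context>` has no comment saying what it does and does not cover, and the same holds for the other three context files in this commit (host-manager.xml, host-manager/manager.xml, manager/manager.xml). The flag only keeps the session cookie out of reach of client-side script. It does not limit who can reach the application, and the address-restricting Valve in the context lines below is still commented out by default. I would add a short comment above the element, for example `<!-- useHttpOnly: session cookie is not exposed to client-side script; restrict access by address and use TLS separately -->`. The Context body continues past the end of this hunk, so any other Valve or Realm settings are not visible here.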

Modified: tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml?rev=1060560&r1=1060559&r2=1060560&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml (original)
+++ tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml Tue Jan 18 
20:26:56 2011
@@ -113,6 +113,10 @@
       <fix>
         Improve filtering of Manager display output. (kkolinko) 
       </fix>
+      <update>
+        Configure the Admin, Manager and Host-Manager web applications to use
+        HttpOnly flag for their session cookies. (kkolinko)
+      </update>
     </changelog>
   </subsection>
 </section>

Modified: tomcat/tc5.5.x/trunk/container/webapps/host-manager/host-manager.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/webapps/host-manager/host-manager.xml?rev=1060560&r1=1060559&r2=1060560&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/container/webapps/host-manager/host-manager.xml 
(original)
+++ tomcat/tc5.5.x/trunk/container/webapps/host-manager/host-manager.xml Tue 
Jan 18 20:26:56 2011
@@ -25,6 +25,6 @@
 
 
 <Context docBase="${catalina.home}/server/webapps/host-manager"
-         privileged="true" antiResourceLocking="false" antiJARLocking="false">
+         privileged="true" antiResourceLocking="false" antiJARLocking="false" 
useHttpOnly="true">
 
 </Context>
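Review bot: Appending `useHttpOnly="true">` to the existing attribute line makes the start tag roughly 97 columns wide here, and the same happens in host-manager/manager.xml and manager/manager.xml. The admin.xml line still fits in 80 columns. Putting the attribute on its own continuation line, aligned under `privileged`, would match the existing layout: end the previous line after `antiJARLocking="false"` and follow it with `         useHttpOnly="true">`. The line wrapping seen in this mail may come from the mailer, so confirm against the committed files.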

Modified: tomcat/tc5.5.x/trunk/container/webapps/host-manager/manager.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/webapps/host-manager/manager.xml?rev=1060560&r1=1060559&r2=1060560&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/container/webapps/host-manager/manager.xml (original)
+++ tomcat/tc5.5.x/trunk/container/webapps/host-manager/manager.xml Tue Jan 18 
20:26:56 2011
@@ -25,6 +25,6 @@
 
 
 <Context docBase="${catalina.home}/server/webapps/manager"
-         privileged="true" antiResourceLocking="false" antiJARLocking="false">
+         privileged="true" antiResourceLocking="false" antiJARLocking="false" 
useHttpOnly="true">
 
 </Context>

Modified: tomcat/tc5.5.x/trunk/container/webapps/manager/manager.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/webapps/manager/manager.xml?rev=1060560&r1=1060559&r2=1060560&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/container/webapps/manager/manager.xml (original)
+++ tomcat/tc5.5.x/trunk/container/webapps/manager/manager.xml Tue Jan 18 
20:26:56 2011
@@ -25,7 +25,7 @@
 
 
 <Context docBase="${catalina.home}/server/webapps/manager"
-         privileged="true" antiResourceLocking="false" antiJARLocking="false">
+         privileged="true" antiResourceLocking="false" antiJARLocking="false" 
useHttpOnly="true">
 
   <!-- Link to the user database we will get roles from -->
   <ResourceLink name="users" global="UserDatabase"


