| Summary: | SingleSignOn Cookie does not honor https access: Login Information Disclosure | | |
|---|---|---|---|
| Product: | Tomcat 5 | Reporter: | Olaf Kock <asf-bugzilla-2006> |
| Component: | Catalina | Assignee: | Tomcat Developers Mailing List <dev> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | | |
| Priority: | P2 | | |
| Version: | 5.5.20 | | |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | All | | |
| Attachments: | Patch to set secure flag on SSO cookie when requested over https | | |

Description
Olaf Kock
2006-12-20 05:13:27 UTC
Created attachment 19397
Patch to set secure flag on SSO cookie when requested over https
There is an isSecure() method available in the Request object used by
AuthenticatorBase...not sure why you couldn't find it. Attaching a patch that
sets the secure flag on the SSO cookie when accessed via https.

This has been fixed in svn. Many thanks for the patch. The fix will be in 5.5.21 onwards.

Thanks for the fix - I believe I did not see the Request method because I had no IDE environment ready for Tomcat source and just browsed through the source in a simple text editor - it's a lot easier to miss methods there.

Olaf
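
A deployment check for the behaviour discussed in this report, as an added example that is not part of the original thread or of Tomcat's code: it parses `Set-Cookie` headers and reports an SSO cookie issued over https without the `Secure` attribute. The cookie name `JSESSIONIDSSO` (Tomcat's default SSO cookie name) and the sample headers are assumptions constructed for illustration.

```python
# Added example: audit Set-Cookie headers for the Tomcat SSO cookie.
# Assumption: the SSO valve uses Tomcat's default cookie name.
SSO_COOKIE = "JSESSIONIDSSO"

# Constructed sample headers, as a response over https might carry them.
BEFORE_FIX = [
    "JSESSIONID=AAAA1111; Path=/app; Secure",
    "JSESSIONIDSSO=BBBB2222; Path=/",
]
AFTER_FIX = [
    "JSESSIONID=AAAA1111; Path=/app; Secure",
    "JSESSIONIDSSO=BBBB2222; Path=/; secure",
]


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attrs).

    Attribute names are case-insensitive, so they are lower-cased;
    flag attributes such as Secure map to an empty string.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit_sso_cookie(scheme, set_cookie_headers, cookie_name=SSO_COOKIE):
    """Return findings for SSO cookies set over https without Secure."""
    findings = []
    for header in set_cookie_headers:
        name, _value, attrs = parse_set_cookie(header)
        if name != cookie_name:
            continue
        # Without Secure, the browser also sends the cookie over plain http.
        if scheme.lower() == "https" and "secure" not in attrs:
            findings.append(f"{name} set over https without Secure attribute")
    return findings


if __name__ == "__main__":
    for label, headers in (("before fix", BEFORE_FIX), ("after fix", AFTER_FIX)):
        print(label, audit_sso_cookie("https", headers) or "ok")
```
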