Index: C:/Documents and Settings/Jim/workspace/tomcat-trunk/java/org/apache/catalina/connector/Response.java =================================================================== --- C:/Documents and Settings/Jim/workspace/tomcat-trunk/java/org/apache/catalina/connector/Response.java (revision 642698) +++ C:/Documents and Settings/Jim/workspace/tomcat-trunk/java/org/apache/catalina/connector/Response.java (working copy) @@ -946,14 +946,13 @@ } - /** * Add the specified Cookie to those that will be included with * this Response. * * @param cookie Cookie to be added */ - public void addCookieInternal(final Cookie cookie) { + public void addCookieInternal(final Cookie cookie, boolean httpOnly) { if (isCommitted()) return; @@ -968,7 +967,8 @@ (sb, cookie.getVersion(), cookie.getName(), cookie.getValue(), cookie.getPath(), cookie.getDomain(), cookie.getComment(), - cookie.getMaxAge(), cookie.getSecure()); + cookie.getMaxAge(), cookie.getSecure(), + httpOnly); return null; } }); @@ -976,7 +976,8 @@ ServerCookie.appendCookieValue (sb, cookie.getVersion(), cookie.getName(), cookie.getValue(), cookie.getPath(), cookie.getDomain(), cookie.getComment(), - cookie.getMaxAge(), cookie.getSecure()); + cookie.getMaxAge(), cookie.getSecure(), + httpOnly); } //if we reached here, no exception, cookie is valid // the header name is Set-Cookie for both "old" and v.1 ( RFC2109 ) @@ -986,6 +987,17 @@ cookies.add(cookie); } + + /** + * Add the specified Cookie to those that will be included with + * this Response. This called the non-httpOnly version of + * addCookieInternal for backwards-compatibility support + * + * @param cookie Cookie to be added + */ + public void addCookieInternal(final Cookie cookie) { + addCookieInternal(cookie, false); + } /**