ASF Bugzilla – Attachment 21737 Details for
Bug 44382
Need to add support for HTTPOnly session cookie parameter
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch for Response to include HttpOnly support from SessionCookie and Request
Response.java.patch (text/plain), 2.20 KB, created by
Jim Manico
on 2008-03-30 02:54:14 UTC
(
hide
)
Description:
Patch for Response to include HttpOnly support from SessionCookie and Request
Filename:
MIME Type:
Creator:
Jim Manico
Created:
2008-03-30 02:54:14 UTC
Size:
2.20 KB
patch
obsolete
>Index: C:/Documents and Settings/Jim/workspace/tomcat-trunk/java/org/apache/catalina/connector/Response.java >=================================================================== >--- C:/Documents and Settings/Jim/workspace/tomcat-trunk/java/org/apache/catalina/connector/Response.java (revision 642698) >+++ C:/Documents and Settings/Jim/workspace/tomcat-trunk/java/org/apache/catalina/connector/Response.java (working copy) >@@ -946,14 +946,13 @@ > > } > >- > /** > * Add the specified Cookie to those that will be included with > * this Response. > * > * @param cookie Cookie to be added > */ >- public void addCookieInternal(final Cookie cookie) { >+ public void addCookieInternal(final Cookie cookie, boolean httpOnly) { > > if (isCommitted()) > return; >@@ -968,7 +967,8 @@ > (sb, cookie.getVersion(), cookie.getName(), > cookie.getValue(), cookie.getPath(), > cookie.getDomain(), cookie.getComment(), >- cookie.getMaxAge(), cookie.getSecure()); >+ cookie.getMaxAge(), cookie.getSecure(), >+ httpOnly); > return null; > } > }); >@@ -976,7 +976,8 @@ > ServerCookie.appendCookieValue > (sb, cookie.getVersion(), cookie.getName(), cookie.getValue(), > cookie.getPath(), cookie.getDomain(), cookie.getComment(), >- cookie.getMaxAge(), cookie.getSecure()); >+ cookie.getMaxAge(), cookie.getSecure(), >+ httpOnly); > } > //if we reached here, no exception, cookie is valid > // the header name is Set-Cookie for both "old" and v.1 ( RFC2109 ) >@@ -986,6 +987,17 @@ > > cookies.add(cookie); > } >+ >+ /** >+ * Add the specified Cookie to those that will be included with >+ * this Response. This called the non-httpOnly version of >+ * addCookieInternal for backwards-compatibility support >+ * >+ * @param cookie Cookie to be added >+ */ >+ public void addCookieInternal(final Cookie cookie) { >+ addCookieInternal(cookie, false); >+ } > > > /**
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=21737">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 44382
:
21735
|
21736
|
21737
|
21741
|
21742
|
23497